Release 10.0.0 #100
|
@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Changed
|
||||
* elasticsearch: listen on local interface only by default
|
||||
* evolinux-base: use "evolinux_internal_group" for SSH authentication
|
||||
* squid: split systemd tasks into own file
|
||||
|
||||
### Fixed
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
# only the first instance of the keyword is applied. »
|
||||
#
|
||||
# We want to allow any user from a list of IP addresses to login with password,
|
||||
# but users of the "{{ evolinux_ssh_group }}" group can't login with password from other IP addresses
|
||||
# but users of the "{{ evolinux_internal_group }}" group can't login with password from other IP addresses
|
||||
|
||||
- name: "Security directives for Evolinux (Debian 10 or later)"
|
||||
blockinfile:
|
||||
|
@ -20,7 +20,7 @@
|
|||
block: |
|
||||
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
|
||||
PasswordAuthentication yes
|
||||
Match Group {{ evolinux_ssh_group }}
|
||||
Match Group {{ evolinux_internal_group }}
|
||||
PasswordAuthentication no
|
||||
insertafter: EOF
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
|
|
Loading…
Reference in a new issue