42 lines
1.1 KiB
YAML
42 lines
1.1 KiB
YAML
---
|
|
|
|
- name: "Create .ssh directory for '{{ user.name }}'"
|
|
file:
|
|
dest: '/home/{{ user.name }}/.ssh/'
|
|
state: directory
|
|
mode: "0700"
|
|
owner: '{{ user.name }}'
|
|
group: '{{ user.name }}'
|
|
|
|
- name: "Add user's SSH public key for '{{ user.name }}'"
|
|
authorized_key:
|
|
user: "{{ user.name }}"
|
|
key: "{{ user.ssh_key }}"
|
|
state: present
|
|
when: user.ssh_key is defined
|
|
|
|
- name: "Add user's SSH public keys for '{{ user.name }}'"
|
|
authorized_key:
|
|
user: "{{ user.name }}"
|
|
key: "{{ ssk_key }}"
|
|
state: present
|
|
with_items: "{{ user.ssh_keys }}"
|
|
loop_control:
|
|
loop_var: ssk_key
|
|
when: user.ssh_keys is defined
|
|
|
|
- name: verify AllowGroups directive
|
|
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
|
changed_when: False
|
|
failed_when: False
|
|
check_mode: no
|
|
register: grep_allowgroups_ssh
|
|
|
|
# If AllowGroups is present or Debian 9+, use AllowGroups mode
|
|
- include: ssh_allowgroups.yml
|
|
when: grep_allowgroups_ssh.rc == 0 or ansible_distribution_major_version | version_compare('9', '>=')
|
|
|
|
# If AllowGroups is absent, use AllowUsers mode
|
|
- include: ssh_allowusers.yml
|
|
when: grep_allowgroups_ssh.rc != 0
|