28 lines
848 B
YAML
28 lines
848 B
YAML
---
|
|
|
|
- name: "root can connect over SSH from other servers"
|
|
blockinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
marker: "# {mark} ROOT AUTHORIZATION"
|
|
block: |
|
|
Match User root Address {{ other_servers_from_group_ips | join(',') }}
|
|
AllowGroups root
|
|
PubkeyAuthentication yes
|
|
PasswordAuthentication no
|
|
PermitRootLogin without-password
|
|
state: present
|
|
notify: reload sshd
|
|
when: (boost_allow_root_ssh_between_servers | bool) and (other_servers_from_group_ips | length > 0)
|
|
tags:
|
|
- ssh
|
|
|
|
- name: "root can connect over SSH from other servers"
|
|
blockinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
marker: "# {mark} ROOT AUTHORIZATION"
|
|
state: absent
|
|
notify: reload sshd
|
|
when: not (boost_allow_root_ssh_between_servers | bool) or (other_servers_from_group_ips | length <= 0)
|
|
tags:
|
|
- ssh
|