Record that the Match User and AllowUsers directives are now present once the first user has been added.
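---
# Grant one account SSH access by public key only:
#   1. make sure an "AllowUsers" directive exists and lists {{ user.name }}
#   2. make sure a "Match User" block exists, lists {{ user.name }}, and
#      turns PasswordAuthentication off for it
#
# Inputs, all expected from the caller (presumably this file is included
# once per user with `user` as the loop variable - confirm against the
# calling playbook):
#   user.name            - account to allow
#   allow_users_present  - bool: sshd_config already had an AllowUsers line
#   match_users_present  - bool: sshd_config already had a Match User line
#
# Every write is validated with `sshd -t` before it replaces sshd_config, so
# a directive that lands in an illegal position (e.g. AllowUsers inside a
# Match block) is rejected instead of locking everybody out.

- name: "Add AllowUsers sshd directive with '{{ user.name }}'"
  lineinfile:
    dest: /etc/ssh/sshd_config
    # No leading "\n": lineinfile decides "already present" by comparing
    # `line` with each existing line, and a value containing a newline can
    # never equal one, so the directive would be re-inserted on every run.
    line: "AllowUsers {{ user.name }}"
    # Everything after a "Match" line belongs to that block and AllowUsers
    # is not accepted there, so insert in the global section. If no
    # "Subsystem" line exists lineinfile appends at EOF; the validate step
    # then catches a misplaced directive.
    insertafter: 'Subsystem'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
  # Run only while no directive exists - neither in the file at play start
  # nor added by an earlier user in this play. The second flag lives in a
  # fact (below) rather than in a registered result, because `register`
  # overwrites its variable on every evaluation, including skipped ones.
  when: not allow_users_present and not (sshd_allow_users_added | default(false))
  register: added_allow_user

# Remember, for the rest of the play, that an AllowUsers line now exists so
# later users are appended instead of getting a second directive.
- name: "Record that an AllowUsers directive has been added"
  set_fact:
    sshd_allow_users_added: true
  when: added_allow_user.changed

- name: "Append '{{ user.name }}' to AllowUsers sshd directive"
  replace:
    dest: /etc/ssh/sshd_config
    # Only touch AllowUsers lines that do not already list this exact name:
    # \b stops "bob" being taken as present because "bobby" is listed, and
    # regex_escape keeps dots or other metacharacters in the name literal.
    regexp: '^(AllowUsers ((?!\b{{ user.name | regex_escape }}\b).)*)$'
    replace: '\1 {{ user.name }}'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
  when: allow_users_present or (sshd_allow_users_added | default(false))

- name: "Add Match User sshd directive with '{{ user.name }}'"
  lineinfile:
    dest: /etc/ssh/sshd_config
    # Two physical lines written in one go: the Match header plus the
    # setting the block exists for. lineinfile cannot recognise a
    # multi-line entry afterwards, so idempotency comes solely from the
    # `when` guard, never from the module.
    # NOTE(review): this only disables password auth; if keyboard-interactive
    # (PAM) auth is enabled globally, password prompts can still reach these
    # users - consider adding "KbdInteractiveAuthentication no" /
    # "ChallengeResponseAuthentication no" to the block after checking the
    # global config.
    line: "Match User {{ user.name }}\n PasswordAuthentication no"
    # Match blocks must follow all global directives; the marker is assumed
    # to sit at the end of the global section (EOF fallback is also valid
    # for a Match block).
    insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
  when: not match_users_present and not (sshd_match_users_added | default(false))
  register: added_match_user

# Same bookkeeping as for AllowUsers: persist the "block now exists" state
# across the users handled by this play.
- name: "Record that a Match User directive has been added"
  set_fact:
    sshd_match_users_added: true
  when: added_match_user.changed

- name: "Append '{{ user.name }}' to Match User's sshd directive"
  replace:
    dest: /etc/ssh/sshd_config
    # Match User takes a comma-separated list; apply the same exact-name
    # guard as for AllowUsers so a name that is a substring of a listed one
    # is still appended (and gets its PasswordAuthentication restriction).
    # NOTE(review): this appends to every "Match User" line lacking the
    # name, including blocks with unrelated settings - only safe if this
    # play owns all Match User blocks in sshd_config; confirm.
    regexp: '^(Match User ((?!\b{{ user.name | regex_escape }}\b).)*)$'
    replace: '\1,{{ user.name }}'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: reload sshd
  when: match_users_present or (sshd_match_users_added | default(false))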