evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity
ansible-roles/evolinux-users/tasks/ssh.yml
Jérémy Lecour b01d9178d0 evolinux-users: split AllowGroups/AllowUsers modes 
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.

In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00

42 lines
1.1 KiB
YAML
Raw Blame History

---
- name: "Create .ssh directory for '{{ user.name }}'"
file:
dest: '/home/{{ user.name }}/.ssh/'
state: directory
mode: "0700"
owner: '{{ user.name }}'
group: '{{ user.name }}'
- name: "Add user's SSH public key for '{{ user.name }}'"
authorized_key:
user: "{{ user.name }}"
key: "{{ user.ssh_key }}"
state: present
when: user.ssh_key is defined
- name: "Add user's SSH public keys for '{{ user.name }}'"
authorized_key:
user: "{{ user.name }}"
key: "{{ ssk_key }}"
state: present
with_items: "{{ user.ssh_keys }}"
loop_control:
loop_var: ssk_key
when: user.ssh_keys is defined
- name: verify AllowGroups directive
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
changed_when: False
failed_when: False
check_mode: no
register: grep_allowgroups_ssh
# If AllowGroups is present or Debian 9+, use AllowGroups mode
- include: ssh_groups.yml
when: grep_allowgroups_ssh.rc == 0 or ansible_distribution_major_version | version_compare('9', '>=')
# If AllowGroups is absent, use AllowUsers mode
- include: ssh_users.yml
when: grep_allowgroups_ssh.rc != 0
Reference in a new issue View git blame Copy permalink