diff --git a/defaults/main.yml b/defaults/main.yml index 4cb9287..e4ef4ee 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,5 +4,11 @@ sshd_default_allowed_users: - "root" - "ansible" +# don't forget to add the ssh_access group! +sshd_default_allowed_groups: + - "root" + - "admins" + + # Enable AllowUsers and AllowGroups options restrict_allow_users: True diff --git a/tasks/main.yml b/tasks/main.yml index 97b2fc1..e42380f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -12,12 +12,10 @@ - ansible_distribution == 'Fedora' - ansible_distribution == 'Archlinux' - - name: Collect all users and groups allowed to login via ssh set_fact: sshd_allow_users: '{{ sshd_default_allowed_users + users.keys() | default({}) | sort }}' - sshd_allow_groups: '{{ ["root", "admins"] + users.keys() | default({}) | sort }}' - + sshd_allow_groups: '{{ sshd_default_allowed_groups + users.keys() | default({}) | sort }}' - name: Copy sshd configuration become: yes
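Review bot: The comment added above `sshd_default_allowed_groups` in defaults/main.yml does not say when `ssh_access` must be added, or why it is missing from the default list, so the reminder is easy to misread. Overriding this variable in inventory replaces the whole list rather than extending it. If the template (not shown here) renders both AllowUsers and AllowGroups, sshd only admits an account that passes both, so a list that omits the groups of `root` or `ansible` can lock out the management account. I would spell that out, for example `# Groups always allowed to log in via ssh. An override replaces this list,` followed by `# so keep every group the root/ansible accounts depend on (e.g. ssh_access).`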
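Review bot: On the new `sshd_allow_groups` line in tasks/main.yml, Jinja filters bind tighter than `+`, so `default({})` and `sort` apply only to `users.keys()`. This means `default` does not protect against an undefined `users`, and the default groups are left out of the sort. Grouping makes the intent explicit: `sshd_allow_groups: '{{ sshd_default_allowed_groups + (users | default({}) | list | sort) }}'`. The unchanged `sshd_allow_users` line just above has the same pattern. The expression also adds every user name to the allowed groups, which presumably relies on each account having a group of the same name, and that deserves a one-line comment on the task.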