diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..5c7f89b
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+# Enable AllowUsers and AllowGroups options
+restrict_allow_users: True
diff --git a/readme.md b/readme.md
index ce7fc47..bafeabe 100644
--- a/readme.md
+++ b/readme.md
@@ -7,6 +7,8 @@ Ansible role to configure the OpenSSH `ssh` server.
 Variables
 ---------
+* `restrict_allow_users`: enable the `AllowUsers` and `AllowGroups` options.
+
 Files
 -----
diff --git a/templates/sshd_config b/templates/sshd_config
index 7dac270..d8315f2 100644
--- a/templates/sshd_config
+++ b/templates/sshd_config
@@ -32,8 +32,10 @@ UsePAM yes
 # User Authentication
+{% if restrict_allow_users|default(True) %}
 AllowUsers {{ sshd_allow_users|join(' ') }}
 AllowGroups {{ sshd_allow_groups|join(' ') }}
+{% endif %}
 PermitRootLogin without-password
 LoginGraceTime 120
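Review bot: `restrict_allow_users: True` in defaults/main.yml uses the capitalised YAML 1.1 boolean spelling; write `restrict_allow_users: true`, the form yamllint's `truthy` rule accepts. The comment above it only says the flag enables the options, so it should also state what turning it off does, for example `# When false, AllowUsers/AllowGroups are omitted and sshd accepts any account that can authenticate`.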
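Review bot: The guard `{% if restrict_allow_users|default(True) %}` in templates/sshd_config relies on Jinja truthiness, so a value that arrives as a string (for instance `-e restrict_allow_users=false`, which Ansible passes as text) is non-empty and both directives are still rendered. Casting the value makes the toggle behave as the readme describes: `{% if restrict_allow_users|default(True)|bool %}`. When the flag is false both `AllowUsers` and `AllowGroups` disappear from the rendered file, leaving no account allow-list in sshd, so a template comment above the block saying so would help whoever audits the generated config. The `default(True)` also repeats the value set in defaults/main.yml, and keeping a single source for the default avoids the two drifting apart.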