Optionally disable Allow[Users,Groups] options

defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# Enable AllowUsers and AllowGroups options
+restrict_allow_users: True

readme.md

@@ -7,6 +7,8 @@ Ansible role to configure the OpenSSH `ssh` server.
 Variables
 ---------
 
+* `restrict_allow_users`: enable the `AllowUsers` and `AllowGroups` options.
+
 
 Files
 -----

templates/sshd_config

@@ -32,8 +32,10 @@ UsePAM yes
 
 
 # User Authentication
+{% if restrict_allow_users|default(True) %}
 AllowUsers {{ sshd_allow_users|join(' ') }}
 AllowGroups {{ sshd_allow_groups|join(' ') }}
+{% endif %}
 PermitRootLogin without-password
 
 LoginGraceTime 120