mirror of
https://github.com/roles-ansible/ansible_role_sshd.git
synced 2024-08-16 11:59:49 +02:00
forbid password auth
This commit is contained in:
parent
4c1d0d8cb7
commit
a875a7b21f
1 changed files with 7 additions and 2 deletions
|
@ -45,9 +45,13 @@ HostKeyAlgorithms
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
|
||||||
{#
|
|
||||||
# Client authentication
|
# Client authentication
|
||||||
PasswordAuthentication {{ sshd_password_authentication }}
|
PasswordAuthentication
|
||||||
|
{%- if sshd.password_authentication | bool -%}
|
||||||
|
yes
|
||||||
|
{%- else -%}
|
||||||
|
no
|
||||||
|
{%- endif %}
|
||||||
ChallengeResponseAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
PubkeyAuthentication yes
|
PubkeyAuthentication yes
|
||||||
|
|
||||||
|
@ -56,6 +60,7 @@ PubkeyAuthentication yes
|
||||||
# and ChallengeResponseAuthentication to 'no'.
|
# and ChallengeResponseAuthentication to 'no'.
|
||||||
UsePAM yes
|
UsePAM yes
|
||||||
|
|
||||||
|
{#
|
||||||
# User Authentication
|
# User Authentication
|
||||||
{% if restrict_allow_users|default(True) %}
|
{% if restrict_allow_users|default(True) %}
|
||||||
AllowUsers {{ sshd_allow_users|join(' ') }}
|
AllowUsers {{ sshd_allow_users|join(' ') }}
|
||||||
|
|
Loading…
Reference in a new issue