[FIX] sshd_config broken with root only and centos sftp

2020-03-08 18:00:06 +01:00 · 2020-03-08 18:00:06 +01:00 · 11174830cf
parent 4c11ea5dfe
commit 11174830cf
2 changed files with 10 additions and 2 deletions
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -4,8 +4,8 @@
 # SSH
 - name: setup - Copy sshd_config
  become: yes
-  copy:
-    src: "{{ role_path }}/files/sshd_config"
+  template:
+    src: "{{ role_path }}/templates/sshd_config.j2"
    dest: "/etc/ssh/sshd_config"
    backup: yes
  notify:
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@ -18,7 +18,11 @@ LogLevel VERBOSE

 # Authentication:
 #LoginGraceTime 2m
+{% if 'root' == ansible_user_id %}
+PermitRootLogin yes
+{% else %}
 PermitRootLogin no
+{% endif %}
 #StrictModes yes
 MaxAuthTries 2
 MaxSessions 2
@ -59,7 +63,11 @@ UseDNS no
 AcceptEnv LANG LC_*

 # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
+{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %}
+Subsystem sftp  /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
+{% else %}
 Subsystem sftp  /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
+{% endif %}

 # Example of overriding settings on a per-user basis
 #Match User anoncvs