[FIX] sshd_config broken with root only and centos sftp
This commit is contained in:
parent
4c11ea5dfe
commit
11174830cf
|
@ -4,8 +4,8 @@
|
|||
# SSH
|
||||
- name: setup - Copy sshd_config
|
||||
become: yes
|
||||
copy:
|
||||
src: "{{ role_path }}/files/sshd_config"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/sshd_config.j2"
|
||||
dest: "/etc/ssh/sshd_config"
|
||||
backup: yes
|
||||
notify:
|
||||
|
|
|
@ -18,7 +18,11 @@ LogLevel VERBOSE
|
|||
|
||||
# Authentication:
|
||||
#LoginGraceTime 2m
|
||||
{% if 'root' == ansible_user_id %}
|
||||
PermitRootLogin yes
|
||||
{% else %}
|
||||
PermitRootLogin no
|
||||
{% endif %}
|
||||
#StrictModes yes
|
||||
MaxAuthTries 2
|
||||
MaxSessions 2
|
||||
|
@ -59,7 +63,11 @@ UseDNS no
|
|||
AcceptEnv LANG LC_*
|
||||
|
||||
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
|
||||
{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %}
|
||||
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
|
||||
{% else %}
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
|
||||
{% endif %}
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
Loading…
Reference in a new issue