[FIX] sshd_config broken with root only and centos sftp

This commit is contained in:
Jannik Beyerstedt 2020-03-08 18:00:06 +01:00
parent 4c11ea5dfe
commit 11174830cf
2 changed files with 10 additions and 2 deletions

View file

@ -4,8 +4,8 @@
# SSH
- name: setup - Copy sshd_config
become: yes
copy:
src: "{{ role_path }}/files/sshd_config"
template:
src: "{{ role_path }}/templates/sshd_config.j2"
dest: "/etc/ssh/sshd_config"
backup: yes
notify:

View file

@ -18,7 +18,11 @@ LogLevel VERBOSE
# Authentication:
#LoginGraceTime 2m
{% if 'root' == ansible_user_id %}
PermitRootLogin yes
{% else %}
PermitRootLogin no
{% endif %}
#StrictModes yes
MaxAuthTries 2
MaxSessions 2
@ -59,7 +63,11 @@ UseDNS no
AcceptEnv LANG LC_*
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %}
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
{% else %}
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
{% endif %}
# Example of overriding settings on a per-user basis
#Match User anoncvs