roles/common: Add missing section to Debian 11 sshd_config

We need to be able to configure the list of SSH users.
This commit is contained in:
Alan Orth 2021-09-27 12:59:05 +03:00
parent 0421807e4d
commit 65e6dd34cd
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 7 additions and 2 deletions

View File

@ -134,5 +134,10 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
# only allow shell access by provisioning user
AllowUsers {{ provisioning_user.name }}
{% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users?
# Is it populated? (An empty list is 'None', which evaluates as False in Python)
# merge the items of a list into one string using a space as a separator
# http://jinja.pocoo.org/docs/dev/templates/#join
AllowUsers {{ ssh_allowed_users|join(" ") }} {{ provisioning_user.name }}
{% endif %}