alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: Only allow ssh access by provisioning user

Browse Source 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-09-02 12:24:11 +03:00
parent 4b18f91438
commit 8b336352d7
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
3 changed files with 6 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/common/templates/sshd_config_Debian-8.j2
View File

@ -90,8 +90,5 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users?
# Is it populated? (An empty list is 'None', which evaluates as False in Python)
AllowUsers {{ ssh_allowed_users }} provisioning
{% endif %}
# only allow shell access by provisioning user
AllowUsers {{ provisioning_user.name }}

7
roles/common/templates/sshd_config_Ubuntu-14.04.j2
View File

@ -90,8 +90,5 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users?
# Is it populated? (An empty list is 'None', which evaluates as False in Python)
AllowUsers {{ ssh_allowed_users }} provisioning
{% endif %}
# only allow shell access by provisioning user
AllowUsers {{ provisioning_user.name }}

7
roles/common/templates/sshd_config_Ubuntu-15.04.j2
View File

@ -90,8 +90,5 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users?
# Is it populated? (An empty list is 'None', which evaluates as False in Python)
AllowUsers {{ ssh_allowed_users }} provisioning
{% endif %}
# only allow shell access by provisioning user
AllowUsers {{ provisioning_user.name }}