From 9ca685a6af0b6c9afbe52b2cf0d8c5682606a62e Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Mon, 30 Jan 2017 12:54:35 +0200
Subject: [PATCH] roles/common: Adjust allowed user logic for Ubuntu 16.04 sshd_config
---
 roles/common/templates/sshd_config_Ubuntu-16.04.j2 | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/roles/common/templates/sshd_config_Ubuntu-16.04.j2 b/roles/common/templates/sshd_config_Ubuntu-16.04.j2
index 688adbc..ca53ddc 100644
--- a/roles/common/templates/sshd_config_Ubuntu-16.04.j2
+++ b/roles/common/templates/sshd_config_Ubuntu-16.04.j2
@@ -92,10 +92,5 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 
-{% if ssh_allowed_users is defined and ssh_allowed_users %}
-# Is there a list of allowed users?
-# Is it populated? (An empty list is 'None', which evaluates as False in Python)
-# merge the items of a list into one string using a space as a separator
-# http://jinja.pocoo.org/docs/dev/templates/#join
-AllowUsers {{ ssh_allowed_users|join(" ") }} {{ provisioning_user.name }}
-{% endif %}
+# only allow shell access by provisioning user
+AllowUsers {{ provisioning_user.name }}
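Review bot: The added `AllowUsers {{ provisioning_user.name }}` line is now emitted unconditionally, so `ssh_allowed_users` is silently ignored by this template and any host whose inventory still sets it loses those logins on the next run with no warning; hosts that never set it go from having no `AllowUsers` directive to a single-account allow list. The new comment also understates the effect, since `AllowUsers` limits every SSH login rather than only shell sessions; I would word it as `# restrict all SSH logins (shell, sftp, forwarding) to the provisioning user; ssh_allowed_users is no longer honoured here`. It may also be worth failing the render when `provisioning_user.name` is empty, because that would presumably leave a bare `AllowUsers` keyword in the file — whether the task validates the result with `sshd -t` is not visible from this hunk.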