- name: "Limit interactive session count to 2"
ssh_conf:
- regexp: '[\s]*MaxSessions"
+ regexp: '[\s]*MaxSessions'
values: "MaxSessions 2\n"
- name: Banner creation
insertafter: '^[\s]*ListenAddress 0.0.0.0'
line: 'ListenAddress ::'
+- name: Enable verbose logging for SSH daemon
+ ssh_conf:
+ regexp: '[\s]*LogLevel"
+ values: "LogLevel VERBOSE"
+
- name: "Disable Kerberos Authentication"
ssh_conf:
regexp: '[\s]*KerberosAuthentication'
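Review bot: The added `regexp: '[\s]*LogLevel"` opens with a single quote and closes with a double quote, the same mismatch this commit corrects on the MaxSessions task. The single-quoted scalar is never closed on that line, so the parser will read on into the following tasks and the file will most likely fail to load; it should be `regexp: '[\s]*LogLevel'`. The new `values: "LogLevel VERBOSE"` also lacks the trailing `\n` that the neighbouring tasks carry (for example `"MaxSessions 2\n"`). Whether `ssh_conf` needs that newline is not visible here, but `values: "LogLevel VERBOSE\n"` would keep the tasks consistent. A short comment above the task, such as `# VERBOSE records the key fingerprint used at login, for audit`, would tell the next maintainer why the level was raised.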
regexp: '[\s]*ClientAliveCountMax'
values: "ClientAliveCountMax 0\n"
-- name: "Limit logins to members of {{ users['admin_user_name'] }} group"
+- name: "Limit logins to members of admin, keystone, and ironic groups"
ssh_conf:
regexp: '[\s]*AllowGroups'
- values: "AllowGroups {{ users['admin_user_name'] }}\n"
+ values: "AllowGroups {{ users['admin_user_name'] }} {{ keystone_system_group_name |default('keystone') }} {{ ironic_system_group_name | default('ironic') }}\n"
- name: "Disable SSH Support for User Known Hosts"
ssh_conf:
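Review bot: The new `AllowGroups` value lets every member of the keystone and ironic system groups through sshd's group filter, where the previous line admitted only the admin group. Nothing in this hunk limits how those service accounts authenticate or what they may run. If they need SSH only for a narrow purpose (not visible here), state it in a comment above the task, e.g. `# keystone/ironic need SSH for <purpose>; keep these accounts key-only`, and consider a `Match Group` block that restricts them instead of a blanket allow. The task name hard-codes "admin, keystone, and ironic" while the group names come from overridable variables, so the name can drift from the rendered line. The filter spacing is also inconsistent within the one string (`|default` against `| default`).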
name: sshd
state: restarted
-- name : create a banner file
+- name: create a banner file
lineinfile:
path: /etc/banner
create: yes