X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=roles%2Fssh_conf_hardening%2Ftasks%2Fmain.yaml;h=be26dd06bf1394e8ea77ec33000c5c404717b1c4;hb=f6eb1207cbd3c94bef9e0572556f4abf3d18de79;hp=256620c6050c3c995100c376c161e02518c503dd;hpb=407c56bb4dab1eac542f37c5b0b25cb63133b2f0;p=ta%2Finfra-ansible.git
diff --git a/roles/ssh_conf_hardening/tasks/main.yaml b/roles/ssh_conf_hardening/tasks/main.yaml
index 256620c..be26dd0 100644
--- a/roles/ssh_conf_hardening/tasks/main.yaml
+++ b/roles/ssh_conf_hardening/tasks/main.yaml
@@ -111,7 +111,7 @@
 - name: "Limit interactive session count to 2"
 ssh_conf:
- regexp: '[\s]*MaxSessions"
+ regexp: '[\s]*MaxSessions'
 values: "MaxSessions 2\n"
 - name: Banner creation
@@ -130,6 +130,11 @@
 insertafter: '^[\s]*ListenAddress 0.0.0.0'
 line: 'ListenAddress ::'
+- name: Enable verbose logging for SSH daemon
+ ssh_conf:
+ regexp: '[\s]*LogLevel'
+ values: "LogLevel VERBOSE"
+
 - name: "Disable Kerberos Authentication"
 ssh_conf:
 regexp: '[\s]*KerberosAuthentication'
@@ -150,10 +155,10 @@
 regexp: '[\s]*ClientAliveCountMax'
 values: "ClientAliveCountMax 0\n"
-- name: "Limit logins to members of {{ users['admin_user_name'] }} group"
+- name: "Limit logins to members of admin, keystone, and ironic groups"
 ssh_conf:
 regexp: '[\s]*AllowGroups'
- values: "AllowGroups {{ users['admin_user_name'] }}\n"
+ values: "AllowGroups {{ users['admin_user_name'] }} {{ keystone_system_group_name |default('keystone') }} {{ ironic_system_group_name | default('ironic') }}\n"
 - name: "Disable SSH Support for User Known Hosts"
 ssh_conf:
@@ -169,7 +174,7 @@
 name: sshd
 state: restarted
-- name : create a banner file
+- name: create a banner file
 lineinfile:
 path: /etc/banner
 create: yes
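Review bot: The new `values: "LogLevel VERBOSE"` has no trailing `\n`, while the other `ssh_conf` values visible in this diff all end with one (`"MaxSessions 2\n"`, `"ClientAliveCountMax 0\n"`, the `AllowGroups` line). `ssh_conf` is a project module whose write logic is not shown here, so it is unclear whether it terminates the line itself; if it does not, the directive could be joined to the next line of sshd_config and the audit logging this task is meant to enable might not take effect. I would write `values: "LogLevel VERBOSE\n"` to match the sibling tasks. The pattern `'[\s]*LogLevel'` is also unanchored, unlike the `'^[\s]*ListenAddress 0.0.0.0'` just above it, so it may also match a commented-out `#LogLevel` line depending on how the module applies it.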
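Review bot: The `AllowGroups` value now admits members of the keystone and ironic system groups to SSH, which widens login beyond the admin group, and nothing in the task records why those service groups need it. I would add a comment above the task such as `# keystone/ironic groups are allowed because <reason>; revisit if those services stop needing SSH`, and confirm that the accounts in those groups cannot log in interactively, since the hunk does not show how they are provisioned. The task name hard-codes "admin, keystone, and ironic" while the value is built from overridable variables, so the name can drift from what is actually written to sshd_config. The filter spacing is inconsistent as well: `|default('keystone')` sits next to `| default('ironic')`, and `| default(...)` should be used for both.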