X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=blobdiff_plain;f=roles%2Fssh_conf_hardening%2Ftasks%2Fmain.yaml;fp=roles%2Fssh_conf_hardening%2Ftasks%2Fmain.yaml;h=66d4bce618e43ef5ea8c22dc14bfefb2e593092f;hp=cfc4425106779da579c920ef518bede8f3ce891b;hb=c4369e76d0ea181f6e8e637f3704cb7356a9e104;hpb=c12b19e860be57972222a13b1abc01638f35d42a

diff --git a/roles/ssh_conf_hardening/tasks/main.yaml b/roles/ssh_conf_hardening/tasks/main.yaml
index cfc4425..66d4bce 100644
--- a/roles/ssh_conf_hardening/tasks/main.yaml
+++ b/roles/ssh_conf_hardening/tasks/main.yaml
@@ -150,10 +150,10 @@
     regexp: '[\s]*ClientAliveCountMax'
     values: "ClientAliveCountMax 0\n"
 
-- name: "Limit logins to members of {{ users['admin_user_name'] }} group"
+- name: "Limit logins to members of admin, keystone, and ironic groups"
   ssh_conf:
     regexp: '[\s]*AllowGroups'
-    values: "AllowGroups {{ users['admin_user_name'] }}\n"
+    values: "AllowGroups {{ users['admin_user_name'] }} {{ keystone_system_group_name |default('keystone') }} {{ ironic_system_group_name | default('ironic') }}\n"
 
 - name: "Disable SSH Support for User Known Hosts"
   ssh_conf: