diff options
| author | Lars Wirzenius <liw@liw.fi> | 2022-08-09 11:19:18 +0300 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2022-08-09 11:19:18 +0300 |
| commit | c8521a5e296879e376323a75f22192a3ff88501d (patch) | |
| tree | d21634d09004cee2fdc6c2b3057105a932770b1d | |
| parent | be489ab2c20c640d3f72c24cff1c3f7a93ebe15a (diff) | |
| download | debian-ansible-c8521a5e296879e376323a75f22192a3ff88501d.tar.gz | |
sshd: make support for authorize_keys file optional (default yes)
Sponsored-by: author
| -rw-r--r-- | roles/sshd/tasks/main.yml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index c94cf07..e601969 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -61,3 +61,11 @@ TrustedUserCAKeys /etc/ssh/user_ca_pubs dest: /etc/ssh/sshd_config.d/user_ca.conf notify: sshd_restart + +- name: "Configure SSH server to not use 'authorized_keys' files at all." + when: not sshd_allow_authorized_keys + copy: + content: | + AuthorizedKeysFile none + dest: /etc/ssh/sshd_config.d/authorized_keys.conf + notify: sshd_restart |