authorLars Wirzenius <liw@liw.fi>2022-10-11 08:58:26 +0300
committerLars Wirzenius <liw@liw.fi>2022-10-11 08:58:26 +0300
commitde2826bb21b102d02c240bf2fda5c4edae05ba97 (patch)
treefb03c549bbc65abf22d102378a0802a5a66a62f7 /roles
parent00c516f3e16d271ede7a60347cd432fb9fad63bf (diff)
downloaddebian-ansible-de2826bb21b102d02c240bf2fda5c4edae05ba97.tar.gz
sshd: guard against a common misconfiguration of mine
Sponsored-by: author
Diffstat (limited to 'roles')
-rw-r--r--roles/sshd/tasks/main.yml6
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 9cd2057..66f9103 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -3,6 +3,12 @@
[ "{{ sshd_version }}" = "1" ] || \
(echo "Unexpected version {{ sshd_version }}" 1>&2; exit 1)
+- name: "sshd role configuration sanity check"
+ when: not sshd_allow_authorized_keys and sshd_user_ca_pub is not defined
+ shell: |
+ echo "You MUST define sshd_allow_authorized_keys OR sshd_user_ca_pub"
+ exit 1
+
- name: "Configure SSH server to read config files in sshd_config.d"
lineinfile:
path: /etc/ssh/sshd_config
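Review bot: The `when:` on the new "sshd role configuration sanity check" task only tests `sshd_user_ca_pub is not defined`, so a CA key that is defined but empty or null passes the guard, and the lock-out this commit presumably aims to prevent can still happen. If `sshd_allow_authorized_keys` has no role default (the defaults are not visible in this hunk), the condition fails with an undefined-variable error instead of the intended message, and a string value such as "false" passed with `-e` would be truthy and skip the check. I would write the guard as an `assert`, which runs on the controller without a remote shell, and normalise both variables with `default` and `bool`. The added task itself is complete within the hunk; the tasks before and after it continue outside it.

```yaml
- name: "sshd role configuration sanity check"
  assert:
    that:
      - >-
        sshd_allow_authorized_keys | default(false) | bool
        or (sshd_user_ca_pub | default('', true) | length > 0)
    fail_msg: "You MUST define sshd_allow_authorized_keys OR sshd_user_ca_pub"
# … unchanged: "Configure SSH server to read config files in sshd_config.d" task …
```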