From c8521a5e296879e376323a75f22192a3ff88501d Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Tue, 9 Aug 2022 11:19:18 +0300
Subject: sshd: make support for authorize_keys file optional (default yes)

Sponsored-by: author
---
 roles/sshd/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'roles')

diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index c94cf07..e601969 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -61,3 +61,11 @@
       TrustedUserCAKeys /etc/ssh/user_ca_pubs
     dest: /etc/ssh/sshd_config.d/user_ca.conf
   notify: sshd_restart
+
+- name: "Configure SSH server to not use 'authorized_keys' files at all."
+  when: not sshd_allow_authorized_keys
+  copy:
+    content: |
+      AuthorizedKeysFile none
+    dest: /etc/ssh/sshd_config.d/authorized_keys.conf
+  notify: sshd_restart
-- 
cgit v1.2.1