Allow SSH Password login for specific users
RogerSik opened this issue · 5 comments
RogerSik commented
Would be nice if specific users / users groups are allowed for SSH password logins. We use this for restricted customer sftp uploads accounts.
Currently we use this code in /etc/sshd_config
Match Group ssh-with-password
PasswordAuthentication yes
rndmh3ro commented
Hey!
This should already work with something like this:
ssh_server_match_user:
- user: 'ssh-with-password'
rules:
- 'PasswordAuthentication yes'
See this example:
RogerSik commented
Do I need specific formatting to use it as a variable?
ssh_server_match_group:
- group: 'ssh-with-password'
rules:
- 'PasswordAuthentication yes'
rndmh3ro commented
You need to set it e.g. like this:
- hosts: localhost
vars:
ssh_server_match_group:
- group: 'ssh-with-password'
rules:
- 'PasswordAuthentication yes'
roles:
- ansible-ssh-hardening
rndmh3ro commented
I'll close this for now! Feel free to reopen if the problem persists.