Workaround namespace feature also for RHEL6
The OpenSSH 5.3 in RHEL6 is so old it does not support "Match all" so we need some creative workaround for this old stuff.
parent
ee2096d680
commit
91784d1874
4 changed files with 20 additions and 3 deletions
|
@ -126,7 +126,7 @@
|
|||
group: "{{ sshd_config_group }}"
|
||||
mode: "{{ sshd_config_mode }}"
|
||||
block: |
|
||||
Match all
|
||||
{{ __sshd_compat_match_all }}
|
||||
{{ lookup('template', 'sshd_config_snippet.j2') }}
|
||||
create: yes
|
||||
marker: "# {mark} sshd system role managed block: namespace {{ sshd_config_namespace }}"
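Review bot: The first line of the managed block is now rendered from `__sshd_compat_match_all`, and nothing visible in this hunk checks that it really produces a Match line. If the variable were empty or overridden with something else, the snippet would fall under whatever Match block precedes the managed block in the file, so settings meant for every connection could end up applying only to a subset. A comment above `block:` would record that contract, for example `# first line must be a Match that applies to every connection; it closes any earlier Match block`. The task starts and may continue outside this hunk, so an existing `validate:` or assert elsewhere cannot be ruled out.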
|
||||
|
|
|
@ -60,17 +60,31 @@
|
|||
command: sshd -T -Cuser=nobody,host=example.com,addr=127.0.0.2
|
||||
register: nonmatching
|
||||
|
||||
- name: Check content of configuration file (blocks)
|
||||
assert:
|
||||
that:
|
||||
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv EDITOR')"
|
||||
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv LS_COLORS')"
|
||||
when:
|
||||
- ansible_facts['os_family'] != 'RedHat' or ansible_facts['distribution_major_version'] != '6'
|
||||
|
||||
- name: Check content of configuration file (blocks for RHEL 6)
|
||||
assert:
|
||||
that:
|
||||
- "config.content | b64decode | regex_search('Match address *\\s*AcceptEnv EDITOR')"
|
||||
- "config.content | b64decode | regex_search('Match address *\\s*AcceptEnv LS_COLORS')"
|
||||
when:
|
||||
- ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '6'
|
||||
|
||||
- name: Check content of configuration file
|
||||
assert:
|
||||
that:
|
||||
- "'AcceptEnv EDITOR' in config.content | b64decode"
|
||||
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv EDITOR')"
|
||||
- "'PasswordAuthentication yes' in config.content | b64decode"
|
||||
- "'Match user root' in config.content | b64decode"
|
||||
- "'AllowAgentForwarding no' in config.content | b64decode"
|
||||
- "config.content | b64decode | regex_search('Match user root\\s*AllowAgentForwarding no')"
|
||||
- "'AcceptEnv LS_COLORS' in config.content | b64decode"
|
||||
- "config.content | b64decode | regex_search('Match all\\s*AcceptEnv LS_COLORS')"
|
||||
- "'PasswordAuthentication no' in config.content | b64decode"
|
||||
- "'Match Address 127.0.0.1' in config.content | b64decode"
|
||||
- "'AllowTcpForwarding no' in config.content | b64decode"
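Review bot: In the two RHEL 6 assertions the `*` in `'Match address *\\s*AcceptEnv EDITOR'` is read by `regex_search` as a quantifier on the preceding space, not as a literal asterisk. As written, the pattern cannot get past the `*` that the role writes after `Match address`, so the check would fail on the very platform it targets. It would also accept a file with no asterisk at all. Escape the asterisk in both expressions: `regex_search('Match address \\*\\s*AcceptEnv EDITOR')` and `regex_search('Match address \\*\\s*AcceptEnv LS_COLORS')`.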
|
||||
|
|
|
@ -22,3 +22,4 @@ __sshd_defaults:
|
|||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||
__sshd_os_supported: yes
|
||||
__sshd_sysconfig_supports_use_strong_rng: true
|
||||
__sshd_compat_match_all: Match address *
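Review bot: This file is where the workaround is actually defined, yet it lacks the explanatory comment that the default definition carries. A line such as `# OpenSSH 5.3 has no "Match all"; an address pattern of * is intended to match every connection instead` would explain the value to anyone reading only the RHEL 6 variables. The plain scalar parses as a string, but quoting it, `__sshd_compat_match_all: "Match address *"`, keeps the trailing asterisk from being mistaken for YAML alias syntax in later edits.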
|
||||
|
|
|
@ -5,3 +5,5 @@ __sshd_config_mode: "0600"
|
|||
__sshd_hostkey_owner: "root"
|
||||
__sshd_hostkey_group: "root"
|
||||
__sshd_hostkey_mode: "0600"
|
||||
# The OpenSSH 5.3 in RHEL6 does not support "Match all" so we need a workaround
|
||||
__sshd_compat_match_all: Match all
|
||||
|
|