x/browbeat
Code Issues Proposed changes

Prevent no-sshd-dns from interuptting match blocks

Browse Source 
If you have a match block in your sshd config, like so

Match LocalAddress !x.x.x.x.x,!x.x.x.x.x
    DenyUsers nova_migration

And you add UseDNS no right after it you break the sshd
config file.

Change-Id: I614e46c67ab08af6e420f4a192b66f58cc4ebcc4
This commit is contained in:
jkilpatr
2017-05-11 08:28:28 -04:00
committed by Justin Kilpatrick
parent c11374cca1
commit 8c0a21fc19
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/install/roles/no-sshd-dns/tasks/main.yml
View File

@@ -2,7 +2,11 @@
--- ---
- name: Disable DNS resolution in Overcloud sshd config - name: Disable DNS resolution in Overcloud sshd config
lineinfile: dest=/etc/ssh/sshd_config line="UseDNS no" state=present lineinfile:
dest: /etc/ssh/sshd_config
line: "UseDNS no"
state: present
insertbefore: '^Match'
when: "{{disable_ssh_dns}}" when: "{{disable_ssh_dns}}"
become: true become: true
become_user: root become_user: root