I will be creating a template from the sshd_config file, basically a copy of it that will be deployed to the other managed nodes.
Just remember that different operating systems may have different options in the sshd_config file. The template uses the .j2 extension for Jinja2, a commonly used templating engine.
First, create the templates folder in the base role directory:
cd /etc/ansible/roles/base/
sudo mkdir templates
Next, let's copy the sshd_config, giving the copy a .j2 extension and centos in the name:
sudo cp /etc/ssh/sshd_config /etc/ansible/roles/base/templates/sshd_config_centos.j2
Modify the j2 file:
sudo nano /etc/ansible/roles/base/templates/sshd_config_centos.j2
# add the below
AllowUsers {{ ssh_users }}
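Fix permissions so the user running ansible-playbook can read the template. Read access is enough; a world-writable template would let any local user on the control node change the sshd_config that gets pushed to every host.
cd /etc/ansible/roles/base/templates
sudo chmod 644 sshd_config_centos.j2
Now I will create an IP.yml file for each of my CentOS boxes in the host_vars folder. I will not set this up for my Ubuntu boxes, so it may fail on them.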
sudo nano 192.168.1.150.yml
sudo nano 192.168.1.151.yml
# add this
ssh_users: "john"
ssh_template_file: sshd_config_centos.j2
Now let's modify the base role's main.yml:
sudo nano /etc/ansible/roles/base/tasks/main.yml
# add the following
- name: openssh generate sshd_config file from template
  tags: ssh
  template:
    src: "{{ ssh_template_file }}"
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: 0644
  notify: restart_sshd
Now create the handlers directory, so that when there is a change in the sshd_config file the sshd service gets restarted:
cd /etc/ansible/roles/base
sudo mkdir handlers
cd handlers
sudo nano main.yml
- name: restart_sshd
  service:
    name: sshd
    state: restarted
# run it
ansible-playbook /etc/ansible/playbooks/everything.yml --ask-become-pass
Check that AllowUsers john was added to /etc/ssh/sshd_config on the destination managed hosts.
screen shots below

It failed on the Ubuntu boxes because I didn’t create the ip.yml for them and I didn’t create an sshd_config for Ubuntu, and they were turned off, but I did later anyway – screenshots
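
A more defensive version of the template task for roles/base/tasks/main.yml, as an added example that is not part of the original post: it skips hosts that have no host_vars file (the Ubuntu failure above), refuses to deploy an AllowUsers line that would lock out the Ansible login user, and has sshd check the rendered file before it replaces the live one. It assumes ansible_user is set in the inventory for each host and that sshd lives at /usr/sbin/sshd.

```yaml
# roles/base/tasks/main.yml (added example, not the post's original tasks)

- name: openssh check the login user stays in AllowUsers
  tags: ssh
  ansible.builtin.assert:
    that:
      - ssh_users is defined
      - ssh_users | length > 0
      # Assumption: ansible_user is set in the inventory for this host.
      # Compares plain user names only, not user@host patterns.
      - ansible_user | default('') in ssh_users.split()
    fail_msg: "ssh_users must include the Ansible login user, or the next run cannot connect"
  # Hosts without a host_vars file (no ssh_template_file) are skipped
  when: ssh_template_file is defined

- name: openssh generate sshd_config file from template
  tags: ssh
  ansible.builtin.template:
    src: "{{ ssh_template_file }}"
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    # Keep a timestamped copy of the previous file on the managed host
    backup: true
    # sshd parses the rendered file; on a syntax error nothing is replaced
    validate: /usr/sbin/sshd -t -f %s
  notify: restart_sshd
  when: ssh_template_file is defined
```

Because validate runs before the file is moved into place, a broken template never reaches /etc/ssh/sshd_config and the restart_sshd handler is not triggered.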


Checking if it worked:

Here is some output from my config:




