From dbc8bf09bf3c0231289d0288aba973f688b447d2 Mon Sep 17 00:00:00 2001
From: Stephane Armanet <stephanearmanet@esss.lu.se>
Date: Mon, 9 Sep 2019 11:56:56 +0200
Subject: [PATCH] add ssh user filtering in variable

---
 defaults/main.yml        | 3 +++
 templates/sshd_config.j2 | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 1afebdf..7fc2917 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -10,6 +10,9 @@ sophos_install_opts: "--update-free --acceptlicence --autostart=true --enableOnB
 sophos_install_extra_opts: ""
 
 # PSS vars
+pss_nas_ssh_allowusers:
+  - csi@172.16.50.11
+  - csi@pss-bastion-01.tn.esss.lu.se
 pss_nas_software_repo_url: https://artifactory.esss.lu.se/artifactory/list/PSS-Softwares/
 pss_nas_software_files:
   - test.zip
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
index cc30986..dea1a89 100644
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -16,4 +16,4 @@ AcceptEnv XMODIFIERS
 Subsystem sftp  /usr/libexec/openssh/sftp-server
 Match User csi
     PasswordAuthentication no
-AllowUsers  csi@172.16.50.11 csi@pss-bastion-01.tn.esss.lu.se
+AllowUsers {% for user in  pss_nas_ssh_allowusers %} {{user}} {% endfor  %}
-- 
GitLab