add ssh authorized keys command

2026-01-26 00:07:45 -07:00
parent 118ee411c7
commit b5d9f37bb7
3 changed files with 19 additions and 0 deletions
--- a/ansible/roles/ldap_client/tasks/sshd.yaml
+++ b/ansible/roles/ldap_client/tasks/sshd.yaml
@@ -0,0 +1,14 @@
+- name: Ensure sshd has AuthorizedKeysCommand
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^AuthorizedKeysCommand'
+    line: 'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys'
+  notify: restart sshd
+
+- name: Ensure sshd has AuthorizedKeysCommandUser
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^AuthorizedKeysCommandUser'
+    line: 'AuthorizedKeysCommandUser nobody'
+  notify: restart sshd
+