autofs: Disable ssh authorized keys from users

When home directories are mounted using NFS and Kerberos the system doesn't have access to authorized_keys file before user logs in.
2020-11-13 17:19:25 +00:00 · 2020-11-13 17:19:25 +00:00 · 326caa417d
commit 326caa417d
parent 962787dc04
1 changed files with 15 additions and 0 deletions
--- a/roles/autofs/tasks/main.yml
+++ b/roles/autofs/tasks/main.yml
@ -47,3 +47,18 @@
    name: autofs
    state: started
    enabled: true
+
+- name: disable authorized_keys file from users
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    line: AuthorizedKeysFile none
+    regexp: '^AuthorizedKeysFile\s+.*'
+  notify: restart sshd
+
+- name: enable authorized_keys file for root
+  blockinfile:
+    path: /etc/ssh/sshd_config
+    block: |
+      Match User root
+          AuthorizedKeysFile .ssh/authorized_keys
+  notify: restart sshd