From 326caa417da471de0cb3f7dbac5855229077f7c6 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Fri, 13 Nov 2020 17:19:25 +0000
Subject: [PATCH] autofs: Disable ssh authorized keys from users

When home directories are mounted using NFS and Kerberos the system doesn't have access to authorized_keys file before user logs in.
---
 roles/autofs/tasks/main.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/roles/autofs/tasks/main.yml b/roles/autofs/tasks/main.yml
index 3e22f3d..49506be 100644
--- a/roles/autofs/tasks/main.yml
+++ b/roles/autofs/tasks/main.yml
@@ -47,3 +47,18 @@
 name: autofs
 state: started
 enabled: true
+
+- name: disable authorized_keys file from users
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ line: AuthorizedKeysFile none
+ regexp: '^AuthorizedKeysFile\s+.*'
+ notify: restart sshd
+
+- name: enable authorized_keys file for root
+ blockinfile:
+ path: /etc/ssh/sshd_config
+ block: |
+ Match User root
+ AuthorizedKeysFile .ssh/authorized_keys
+ notify: restart sshd
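Review bot: Both new tasks rewrite /etc/ssh/sshd_config and notify `restart sshd` without validating the result, so a malformed file would only surface when the daemon fails to come back; adding `validate: /usr/sbin/sshd -t -f %s` to the `lineinfile` and the `blockinfile` task lets Ansible reject the edit before it is written. The `lineinfile` task appends `AuthorizedKeysFile none` at end of file when the regexp finds no uncommented match, and if the config already ends in a `Match` block the line would land inside that block and leave the global default unchanged; `insertbefore: '^Match'` with `firstmatch: true` would keep it in the global section. On later runs the same regexp may also match the `AuthorizedKeysFile` line inside the root block if that line is written without indentation, which is worth confirming for idempotence. The `restart sshd` handler is not visible in this hunk, so it presumably has to be defined in or made available to the autofs role.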