Merge pull request #14 from mmehnert/master

Add support for AuthorizedKeysCommand and AuthorizedKeysCommandUser

README.md

@@ -62,6 +62,9 @@ None
 * `ssh_server_allow_users`: [default: `[]`]: A list of user name patterns. If specified, login is allowed only for user names that match one of the patterns
 * `ssh_server_deny_groups`: [default: `[]`]: A list of group name patterns. If specified, login is disallowed for users whose primary group or supplementary group list matches one of the patterns
 * `ssh_server_deny_users`: [default: `[]`]: A list of user name patterns. If specified, login is disallowed for user names that match one of the patterns
+* `ssh_server_autorized_keys_command`: [default: ]: Specifies a program to be used to look up the user's public keys.
+* `ssh_server_autorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the AuthorizedKeysCommand is run
+
 
 ## Dependencies
 

defaults/main.yml

@@ -48,3 +48,4 @@ ssh_server_allow_groups: []
 ssh_server_allow_users: []
 ssh_server_deny_groups: []
 ssh_server_deny_users: []
+ssh_server_autorized_keys_command_user: nobody

templates/etc/ssh/sshd_config.j2

@@ -42,6 +42,12 @@ RSAAuthentication {{ ssh_server_rsa_authentication | bool | ternary('yes', 'no')
 PubkeyAuthentication {{ ssh_server_pubkey_authentication | bool | ternary('yes', 'no') }}
 AuthorizedKeysFile {{ ssh_server_authorized_keys_file }}
 
+{% if ssh_server_autorized_keys_command is defined %}
+AuthorizedKeysCommand {{ ssh_server_autorized_keys_command }}
+AuthorizedKeysCommandUser {{ ssh_server_autorized_keys_command_user }}
+{% endif %}
+
+
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts {{ ssh_server_ignore_rhosts | bool | ternary('yes', 'no') }}
 {% if ssh_server_version is version('7.4', '<') %}