Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Prevent no-sshd-dns from interuptting match blocks
If you have a match block in your sshd config, like so

Match LocalAddress !x.x.x.x.x,!x.x.x.x.x
    DenyUsers nova_migration

And you add UseDNS no right after it you break the sshd
config file.

Change-Id: I614e46c67ab08af6e420f4a192b66f58cc4ebcc4
  • Loading branch information
jkilpatr committed May 12, 2017
1 parent c11374c commit 8c0a21f
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion ansible/install/roles/no-sshd-dns/tasks/main.yml
Expand Up @@ -2,7 +2,11 @@
---

- name: Disable DNS resolution in Overcloud sshd config
lineinfile: dest=/etc/ssh/sshd_config line="UseDNS no" state=present
lineinfile:
dest: /etc/ssh/sshd_config
line: "UseDNS no"
state: present
insertbefore: '^Match'
when: "{{disable_ssh_dns}}"
become: true
become_user: root
Expand Down

0 comments on commit 8c0a21f

Please sign in to comment.