Merge pull request #132 from hyrsky/master

Added support for AuthorizedKeysFile config setting

README.md

@@ -40,6 +40,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_allow_users` | '' | if specified, login is allowed only for user names that match one of the patterns.|
 |`ssh_deny_groups` | '' | if specified, login is disallowed for users whose primary group or supplementary group list matches one of the patterns.|
 |`ssh_allow_groups` | '' | if specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns.|
+|`ssh_authorized_keys_file` | '' | change default file that contains the public keys that can be used for user authentication.|
 |`ssh_print_motd` | false | false to disable printing of the MOTD|
 |`ssh_print_last_log` | false | false to disable display of last login information|
 |`sftp_enabled` | false | true to enable sftp configuration|

default.yml

@@ -36,6 +36,7 @@
     ssh_allow_groups: 'root kitchen vagrant'
     ssh_deny_users: 'foo bar'
     ssh_deny_groups: 'foo bar'
+    ssh_authorized_keys_file: '/etc/ssh/authorized_keys/%u'
     ssh_max_auth_retries: 10
     ssh_permit_tunnel: true
     ssh_print_motd: true

defaults/main.yml

@@ -84,6 +84,9 @@ ssh_deny_groups: ''      # sshd
 # if specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns.
 ssh_allow_groups: ''      # sshd
 
+# change default file that contains the public keys that can be used for user authentication.
+ssh_authorized_keys_file: ''      # sshd
+
 # false to disable printing of the MOTD
 ssh_print_motd: false      # sshd
 

templates/opensshd.conf.j2

@@ -161,6 +161,10 @@ DenyGroups {{ssh_deny_groups}}
 AllowGroups {{ssh_allow_groups}}
 {% endif %}
 
+{% if ssh_authorized_keys_file %}
+AuthorizedKeysFile {{ ssh_authorized_keys_file }}
+{% endif %}
+
 # Network
 # -------