This repository was archived by the owner on Dec 26, 2020. It is now read-only.

User login failed after running this module #114

@haf

Problem: this module stops one new user from logging in, but not the default ubuntu vagrant user.

I've set up the user/playbook like so:

  - role: dev-sec.os-hardening
  #- role: dev-sec.ssh-hardening
  #  sftp_enabled: true
  - role: sansible.users_and_groups
    users_and_groups:
      authorized_keys_dir: /etc/ssh/authorized_keys
      groups:
      - name: sftp-only
      users:
      - name: myuser
        groups:
        - sftp-only
        home: /home/myuser
        ssh_key: ./myuser.pub

If I comment in this module in the above playbook, I get this error in /var/log/auth.log:

May 23 18:05:21 ubuntu-xenial sshd[26236]: Connection from 10.0.2.2 port 59156 on 10.0.2.15 port 22
May 23 18:05:21 ubuntu-xenial sshd[26236]: User myuser not allowed because account is locked
May 23 18:05:21 ubuntu-xenial sshd[26236]: input_userauth_request: invalid user myuser [preauth]
May 23 18:05:21 ubuntu-xenial sshd[26236]: error: maximum authentication attempts exceeded for invalid user myuser from 10.0.2.2 port 59156 ssh2 [preauth]
May 23 18:05:21 ubuntu-xenial sshd[26236]: Disconnecting: Too many authentication failures [preauth]
May 23 18:05:31 ubuntu-xenial su[22231]: pam_unix(su:session): session closed for user myuser

It's running on xenial64, the 16.04 LTS of Ubuntu.

Provisioning the node without this module makes it possible to access both SSH and SFTP with the newly created user.
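
A triage sketch for the auth.log excerpt above, added here as an example and not part of the original report or of the role's code: it groups sshd lines by PID and separates the policy denial ("not allowed because ...") from the "invalid user" lines that follow it for the same name in the same connection. The function name `triage` and the result fields are assumptions of this example.

```python
import re
from collections import defaultdict

# sshd lines copied from the auth.log excerpt in the report above.
SAMPLE_LOG = """\
May 23 18:05:21 ubuntu-xenial sshd[26236]: Connection from 10.0.2.2 port 59156 on 10.0.2.15 port 22
May 23 18:05:21 ubuntu-xenial sshd[26236]: User myuser not allowed because account is locked
May 23 18:05:21 ubuntu-xenial sshd[26236]: input_userauth_request: invalid user myuser [preauth]
May 23 18:05:21 ubuntu-xenial sshd[26236]: error: maximum authentication attempts exceeded for invalid user myuser from 10.0.2.2 port 59156 ssh2 [preauth]
May 23 18:05:21 ubuntu-xenial sshd[26236]: Disconnecting: Too many authentication failures [preauth]
May 23 18:05:31 ubuntu-xenial su[22231]: pam_unix(su:session): session closed for user myuser
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
DENIED_RE = re.compile(r"^User (?P<user>\S+) not allowed because (?P<reason>.+)$")
INVALID_RE = re.compile(r"invalid user (?P<user>\S+)")


def triage(log_text):
    """Return one finding per sshd connection that denied an account by policy."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # non-sshd lines (e.g. su) are ignored
            sessions[m["pid"]].append(m["msg"])

    findings = []
    for pid, msgs in sessions.items():
        denied = next((d for d in map(DENIED_RE.match, msgs) if d), None)
        if denied is None:
            continue
        user = denied["user"]
        # In the excerpt the same connection goes on to call this name
        # "invalid user"; count those lines so they are read as a consequence
        # of the denial, not as evidence that the account does not exist.
        follow_on = sum(
            1 for msg in msgs
            if (hit := INVALID_RE.search(msg)) and hit["user"] == user
        )
        findings.append({"pid": pid, "user": user,
                         "reason": denied["reason"], "follow_on": follow_on})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"sshd[{f['pid']}]: {f['user']} denied ({f['reason']}); "
              f"{f['follow_on']} follow-on 'invalid user' line(s)")
```
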
