
Make possible to configure allowed users or groups in SSH configuration

Emmanuel Bouthenot 10 жил өмнө
parent
commit
d8c8e991fd

+ 5 - 0
roles/common/defaults/main.yml

@@ -43,6 +43,11 @@ ssh_ports:
   - 22
 ssh_ecdsa_key: True
 ssh_usedns: True
+ssh_allowed_users: Null
+ssh_allowed_groups:
+  - 'root'
+  - 'operator'
+  - 'ssh'
 
 with_dnscache: False
 
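Review bot: `ssh_allowed_users: Null` gives no hint that the variable is expected to be a list, although `ssh_allowed_groups` right below it is one and the template changed in this commit pipes both through `join(' ')`. An empty list, `ssh_allowed_users: []`, keeps the same falsy default and makes the expected type visible. A comment above the two variables would also help, for example `# If ssh_allowed_users is set, ssh_allowed_groups is ignored; if both are empty, no AllowUsers/AllowGroups line is written`.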

+ 8 - 1
roles/common/templates/ssh/sshd_config.j2

@@ -104,5 +104,12 @@ UsePAM yes
 # Maximum number of authentication attempts permitted per connection
 MaxAuthTries 3
 
+{% if ssh_allowed_users %}
+# Define users allowed to login
+AllowUsers {{ ssh_allowed_users | join(' ') }}
+{% endif %}
+
+{% if not ssh_allowed_users and ssh_allowed_groups %}
 # Define users groups allowed to login
-AllowGroups root operator ssh
+AllowGroups {{ ssh_allowed_groups | join(' ') }}
+{% endif %}
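Review bot: When `ssh_allowed_users` and `ssh_allowed_groups` are both empty, neither block at the end of the template renders, so the generated sshd_config carries no AllowUsers or AllowGroups line where the old template always wrote `AllowGroups root operator ssh`; an override that blanks the group list therefore widens access silently. A second case is a value given as a plain string: `join(' ')` iterates a string character by character, so `ssh_allowed_users: alice` would render `AllowUsers a l i c e` and lock that account out. Consider failing the play in both cases with an `assert` task that runs before the template is rendered, checking `ssh_allowed_users is not string` and that at least one of the two lists is non-empty, or at least add a template comment stating that no restriction is written when both are unset. The template starts outside this hunk, so other directives there may already limit logins.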