X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=fdio.infra.ansible%2Froles%2Fuser_add%2Ftasks%2Fmain.yaml;h=24be30dc6e65452d2d57fb755a88f77543b75b8b;hb=refs%2Fchanges%2F24%2F33024%2F6;hp=f980aff84d8a10732ecb2d0587b15b689b203fca;hpb=df5672b3d9c29b51397f4770eb992c9f3f3955ce;p=csit.git

diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
index f980aff84d..24be30dc6e 100644
--- a/fdio.infra.ansible/roles/user_add/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -22,27 +22,18 @@
   with_subelements:
     - "{{ users }}"
     - ssh_key
-    - skip_missing: yes
+    - skip_missing: true
   tags:
     - user-add-conf
 
-- name: Conf - Allow Password Login
+- name: Conf - Disable Password Login
   lineinfile:
     dest: "/etc/ssh/sshd_config"
-    regexp: "^PasswordAuthentication no"
-    line: "PasswordAuthentication yes"
+    regexp: "^PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
   notify:
     - "Restart SSHd"
+  when:
+    - sshd_disable_password_login
   tags:
     - user-add-conf
-
-- name: Conf - Add Visudo Entry
-  lineinfile:
-    dest: "/etc/sudoers"
-    state: present
-    line: "{{ item.username }} ALL=(ALL) NOPASSWD: ALL"
-    validate: "visudo -cf %s"
-  with_items: "{{ users }}"
-  tags:
-    - user-add-conf
-