Merge pull request #430 from cleberb/fix_sshd

Fix sshd

tasks/sshconfig.yml

@@ -175,7 +175,7 @@
     owner: root
     group: root
     validate: /usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -C lport=22 -f %s
-  when: sshd_config_force_replace | bool or not sshd_config_d.stat.exists or grep_include.rc != 0
+  when: (sshd_config_force_replace | bool) or (not sshd_config_d.stat.exists) or (grep_include.rc != 0)
   notify:
     - Restart sshd service
     - Restart ssh service
@@ -229,7 +229,10 @@
     owner: root
     group: root
     validate: /usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -C lport=22 -f %s
-  when: not ( sshd_config_force_replace | bool ) and sshd_config_d.stat.exists and grep_include.rc == 0
+  when:
+    - not (sshd_config_force_replace | bool)
+    - sshd_config_d.stat.exists
+    - grep_include.rc == 0
   notify:
     - Restart sshd service
     - Restart ssh service
@@ -279,7 +282,10 @@
     path: /etc/ssh/sshd_config
     regexp: ^Subsystem.*
     state: absent
-  when: sshd_config_d.stat.exists and grep_include.rc == 0
+  when:
+    - not (sshd_config_force_replace | bool)
+    - sshd_config_d.stat.exists
+    - grep_include.rc == 0
   tags:
     - sshd
     - sshd_config

templates/etc/ssh/sshd_config.j2

@@ -132,7 +132,7 @@ Banner {{ sshd_banner if sshd_banner else 'none' }}
 DebianBanner {{ 'yes' if (sshd_debian_banner | bool) else 'no' }}
 {% endif %}
 
-{%+ if sshd_sftp_enabled +%}
+{% if sshd_sftp_enabled %}
 #######################################################
 # SFTP matching configuration
 #######################################################
@@ -150,7 +150,7 @@ Match Group {{ sshd_sftp_only_group }}
     PermitRootLogin no
     X11Forwarding no
 {% endif %}
-{%+ endif +%}
+{% endif %}
 {% for item in sshd_match_addresses %}
 {%+ if loop.first +%}
 #######################################################