This article explains how to disbale user accounts to prevent them logging in via SSH (for example). This will apply to password logins and key-based logins.
This is a mini-HowTo demonstrating how to disable or expire a user using Ansible. Put the following into a file called “playbook-expire-user.yml”.
---
- hosts: all
sudo: yes
tasks:
- name: Expire an existing user
user:
name: myusername
expires : 1486509032
The above would be executed using the following command. Make sure the file “hosts” is populated with a list (one IP or FQDN per line) of hosts to target with this Ansible run. My advice is to do one host first as a test and then do the others when you know it works.
ansible-playbook playbook-expire-user.yml -i hosts
Notice the “expires” line in the YAML file above. It’s the time the account should be expired from. It’s in Epoch time. To get the NOW time in this format, go to “http://www.epochconverter.com/”.
Hi Andrew,
a lot thanks for your explanation.
but how you are giving the value for expires.
expires : 1486509032
Epoch value. found and thanks 🙂