[ssh_hardening] AllowUsers passing user with brackets #838

Open
Dan-Sun opened this issue Jan 9, 2025 · 1 comment
Dan-Sun commented Jan 9, 2025

### Description

I use the variable ssh_allow_users for a Debian system:

```yaml
ssh_allow_users:
      - "{{ ansible_user }}"
      - user2
      - user3
```

The outcome is `AllowUsers ['user1', 'user2', 'user3']` which doesn't work on my end.
It would work like `AllowUsers user1 user2 user3`.

### Reproduction steps

Add the variable:

```yaml
ssh_allow_users:
      - "{{ ansible_user }}"
      - user2
      - user3
```


### Current Behavior

The outcome is `AllowUsers ['user1', 'user2', 'user3']` which doesn't work on my side.

### Expected Behavior

It would work like `AllowUsers user1 user2 user3`.

### OS / Environment

The target is a freshly installed Debian minimal system. Coming from an Arch system.

### Ansible Version

```Shell
2.18.1
```

### Collection Version

10.2.0

### Additional information

...

Dan-Sun added the bug label Jan 9, 2025
schurzi self-assigned this Jan 13, 2025

schurzi commented Jan 13, 2025

Thanks for the report.

We documented that parameter as string, so a list is not expected here.

  • ssh_allow_users
    • Default: ``
    • Description: if specified, login is allowed only for user names that match one of the patterns.
    • Type: str

To fix your problem, you need to convert the list to a string in your vars. e.g.:

```yaml
ssh_allow_users: "{{ ansible_user }} user2 user3"
```

Your use-case seems reasonable though. Let me think a bit on how to support that, this might be a good addition to our collection.
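
Added example, not part of the issue thread or the collection's code: a Python sketch that reproduces the reported rendering (a list interpolated directly into the line stringifies to `['user1', 'user2', 'user3']`), normalizes either input form to the space-separated string, and flags such lines in a rendered sshd_config before it is deployed. The function names and the sample config are assumptions constructed for illustration.

```python
import re

# Heuristic: characters left behind when a list is rendered with str()
# instead of being joined. Assumed not to occur in plain user names.
_LIST_REPR_CHARS = re.compile(r"[\[\]',]")


def normalize_allow_users(value):
    """Return the space-separated string form used on an AllowUsers line.

    Accepts the documented string form or a list of names (the use-case
    from the report); rejects empty entries and entries with whitespace.
    """
    names = value.split() if isinstance(value, str) else [str(v).strip() for v in value]
    for name in names:
        if not name or re.search(r"\s", name):
            raise ValueError(f"invalid AllowUsers entry: {name!r}")
    return " ".join(names)


def find_list_repr_allowusers(sshd_config_text):
    """Return (line_number, line) for each AllowUsers line that looks like
    a stringified list, e.g. AllowUsers ['user1', 'user2']."""
    hits = []
    for number, line in enumerate(sshd_config_text.splitlines(), start=1):
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        keyword, args = parts
        # sshd_config keywords are case-insensitive.
        if keyword.lower() == "allowusers" and _LIST_REPR_CHARS.search(args):
            hits.append((number, line.strip()))
    return hits


# Constructed sample input: direct interpolation of a list next to the
# normalized form of the same list.
USERS = ["user1", "user2", "user3"]
BROKEN_CONFIG = f"PermitRootLogin no\nAllowUsers {USERS}\n"
FIXED_CONFIG = f"PermitRootLogin no\nAllowUsers {normalize_allow_users(USERS)}\n"

if __name__ == "__main__":
    print("broken:", find_list_repr_allowusers(BROKEN_CONFIG))
    print("fixed: ", find_list_repr_allowusers(FIXED_CONFIG))
```

Running a check like `find_list_repr_allowusers` against the rendered file before the SSH daemon is restarted catches the malformed line while the existing session is still usable.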
