This article explains how to disbale user accounts to prevent them logging in via SSH (for example). This will apply to password logins and key-based logins.
This is a mini-HowTo demonstrating how to disable or expire a user using Ansible. Put the following into a file called “playbook-expire-user.yml”.
--- - hosts: all sudo: yes tasks: - name: Expire an existing user user: name: myusername expires : 1486509032
The above would be executed using the following command. Make sure the file “hosts” is populated with a list (one IP or FQDN per line) of hosts to target with this Ansible run. My advice is to do one host first as a test and then do the others when you know it works.
ansible-playbook playbook-expire-user.yml -i hosts
Notice the “expires” line in the YAML file above. It’s the time the account should be expired from. It’s in Epoch time. To get the NOW time in this format, go to “http://www.epochconverter.com/”.