ansible-proxy-chain/openspec/changes/archive/2026-04-22-configurable-ssh-user/proposal.md

Why

The inventory currently hardcodes ansible_user: root. Many server providers create a non-root user by default (e.g., ubuntu, debian), and users may prefer to SSH as a non-root user with sudo privileges. The SSH key is pre-configured by the user before running the playbook.

What Changes

• Change ansible_user in inventory to a configurable placeholder instead of hardcoded root
• Ensure ansible.cfg privilege escalation settings work for both root and non-root users
• Update the sshd_config template: when connecting as root, allow prohibit-password; when connecting as non-root, the user doesn't need root SSH access at all
• Update README to document SSH user configuration

Capabilities

New Capabilities

(none)

Modified Capabilities

• server-base: SSH configuration must work for both root and non-root ansible_user

Impact

• inventory/hosts.yml updated with configurable user placeholder
• roles/base/templates/sshd_config.j2 adjusted for flexibility
• README.md updated with SSH user configuration instructions