ansible-sshd/templates/sshd_config.j2

# {{ ansible_managed }}
{% macro sshd_multiline(key,override) %}
{%   if override is defined %}
{%     set value = override %}
{%   elif sshd[key] is defined %}
{%     set value = sshd[key] %}
{%   endif %}
{%   if value is defined %}
{%     for i in value %}
{{ key }} {{ i }}
{%     endfor %}
{%   endif %}
{% endmacro %}
{% macro sshd_boolean(key,override) %}
{%   if override is defined %}
{%     set value = override %}
{%   elif sshd[key] is defined %}
{%     set value = sshd[key] %}
{%   endif %}
{%   if value is defined %}
{%     if value == true %}
{{ key }} yes
{%     elif value == false %}
{{ key }} no
{%     else %}
{{ key }} {{ value }}
{%     endif %}
{%   endif %}
{% endmacro -%}
{% macro sshd_value(key,override) -%}
{%   if override is defined -%}
{%     set value = override -%}
{%   elif sshd[key] is defined -%}
{%     set value = sshd[key] -%}
{%   endif -%}
{%   if value is defined -%}
{{ key }} {{ value }}
{%   endif -%}
{% endmacro -%}
{{ sshd_multiline("HostKey",sshd_HostKey) }}
{{ sshd_multiline("ListenAddress",sshd_ListenAddress) }}
{{ sshd_multiline("Subsystem",sshd_Subsystem) }}
{{ sshd_value("AcceptEnv",sshd_AcceptEnv) }}
{{ sshd_value("AddressFamily",sshd_AddressFamily) }}
{{ sshd_value("AllowGroups",sshd_AllowGroups) }}
{{ sshd_value("AllowUsers",sshd_AllowUsers) }}
{{ sshd_value("AuthenticationMethods",sshd_AuthenticationMethods) }}
{{ sshd_value("AuthorizedKeysCommand",sshd_AuthorizedKeysCommand) }}
{{ sshd_value("AuthorizedKeysCommandUser",sshd_AuthorizedKeysCommandUser) }}
{{ sshd_value("AuthorizedKeysFile",sshd_AuthorizedKeysFile) }}
{{ sshd_value("AuthorizedPrincipalsFile",sshd_AuthorizedPrincipalsFile) }}
{{ sshd_value("Banner",sshd_Banner) }}
{{ sshd_value("ChrootDirectory",sshd_ChrootDirectory) }}
{{ sshd_value("Ciphers",sshd_Ciphers) }}
{{ sshd_value("ClientAliveCountMax",sshd_ClientAliveCountMax) }}
{{ sshd_value("ClientAliveInterval",sshd_ClientAliveInterval) }}
{{ sshd_value("DenyGroups",sshd_DenyGroups) }}
{{ sshd_value("DenyUsers",sshd_DenyUsers) }}
{{ sshd_value("ForceCommand",sshd_ForceCommand) }}
{{ sshd_value("GSSAPIAuthentication",sshd_GSSAPIAuthentication) }}
{{ sshd_value("GSSAPIKeyExchange",sshd_GSSAPIKeyExchange) }}
{{ sshd_value("HPNBufferSize",sshd_HPNBufferSize) }}
{{ sshd_value("HostCertificate",sshd_HostCertificate) }}
{{ sshd_value("HostKeyAgent",sshd_HostKeyAgent) }}
{{ sshd_value("IPQoS",sshd_IPQoS) }}
{{ sshd_value("KbdInteractiveAuthentication",sshd_KbdInteractiveAuthentication) }}
{{ sshd_value("KexAlgorithms",sshd_KexAlgorithms) }}
{{ sshd_value("KeyRegenerationInterval",sshd_KeyRegenerationInterval) }}
{{ sshd_value("LogLevel",sshd_LogLevel) }}
{{ sshd_value("LoginGraceTime",sshd_LoginGraceTime) }}
{{ sshd_value("MACs",sshd_MACs) }}
{{ sshd_value("MaxAuthTries",sshd_MaxAuthTries) }}
{{ sshd_value("MaxSessions",sshd_MaxSessions) }}
{{ sshd_value("MaxStartups",sshd_MaxStartups) }}
{{ sshd_value("PermitOpen",sshd_PermitOpen) }}
{{ sshd_value("PermitTTY",sshd_PermitTTY) }}
{{ sshd_value("PidFile",sshd_PidFile) }}
{{ sshd_value("Port",sshd_Port) }}
{{ sshd_value("Protocol",sshd_Protocol) }}
{{ sshd_value("RekeyLimit",sshd_RekeyLimit) }}
{{ sshd_value("RevokedKeys",sshd_RevokedKeys) }}
{{ sshd_value("ServerKeyBits",sshd_ServerKeyBits) }}
{{ sshd_value("SyslogFacility",sshd_SyslogFacility) }}
{{ sshd_value("TrustedUserCAKeys",sshd_TrustedUserCAKeys) }}
{{ sshd_value("VersionAddendum",sshd_VersionAddendum) }}
{{ sshd_value("X11DisplayOffset",sshd_X11DisplayOffset) }}
{{ sshd_value("XAuthLocation",sshd_XAuthLocation) }}
{{ sshd_boolean("AllowAgentForwarding",sshd_AllowAgentForwarding) }}
{{ sshd_boolean("AllowTcpForwarding",sshd_AllowTcpForwarding) }}
{{ sshd_boolean("ChallengeResponseAuthentication",sshd_ChallengeResponseAuthentication) }}
{{ sshd_boolean("Compression",sshd_Compression) }}
{{ sshd_boolean("GSSAPICleanupCredentials",sshd_GSSAPICleanupCredentials) }}
{{ sshd_boolean("GSSAPIStoreCredentialsOnRekey",sshd_GSSAPIStoreCredentialsOnRekey) }}
{{ sshd_boolean("GSSAPIStrictAcceptorCheck",sshd_GSSAPIStrictAcceptorCheck) }}
{{ sshd_boolean("GatewayPorts",sshd_GatewayPorts) }}
{{ sshd_boolean("HPNDisabled",sshd_HPNDisabled) }}
{{ sshd_boolean("HostbasedAuthentication",sshd_HostbasedAuthentication) }}
{{ sshd_boolean("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) }}
{{ sshd_boolean("IgnoreRhosts",sshd_IgnoreRhosts) }}
{{ sshd_boolean("IgnoreUserKnownHosts",sshd_IgnoreUserKnownHosts) }}
{{ sshd_boolean("KerberosAuthentication",sshd_KerberosAuthentication) }}
{{ sshd_boolean("KerberosGetAFSToken",sshd_KerberosGetAFSToken) }}
{{ sshd_boolean("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) }}
{{ sshd_boolean("KerberosTicketCleanup",sshd_KerberosTicketCleanup) }}
{{ sshd_boolean("NoneEnabled",sshd_NoneEnabled) }}
{{ sshd_boolean("PasswordAuthentication",sshd_PasswordAuthentication) }}
{{ sshd_boolean("PermitEmptyPasswords",sshd_PermitEmptyPasswords) }}
{{ sshd_boolean("PermitRootLogin",sshd_PermitRootLogin) }}
{{ sshd_boolean("PermitTunnel",sshd_PermitTunnel) }}
{{ sshd_boolean("PermitUserEnvironment",sshd_PermitUserEnvironment) }}
{{ sshd_boolean("PrintLastLog",sshd_PrintLastLog) }}
{{ sshd_boolean("PrintMotd",sshd_PrintMotd) }}
{{ sshd_boolean("PubkeyAuthentication",sshd_PubkeyAuthentication) }}
{{ sshd_boolean("RSAAuthentication",sshd_RSAAuthentication) }}
{{ sshd_boolean("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) }}
{{ sshd_boolean("StrictModes",sshd_StrictModes) }}
{{ sshd_boolean("TCPKeepAlive",sshd_TCPKeepAlive) }}
{{ sshd_boolean("TcpRcvBufPoll",sshd_TcpRcvBufPoll) }}
{{ sshd_boolean("UseDNS",sshd_UseDNS) }}
{{ sshd_boolean("UseLogin",sshd_UseLogin) }}
{{ sshd_boolean("UsePAM",sshd_UsePAM) }}
{{ sshd_boolean("UsePrivilegeSeparation",sshd_UsePrivilegeSeparation) }}
{{ sshd_boolean("X11Forwarding",sshd_X11Forwarding) }}
{{ sshd_boolean("X11UseLocalhost",sshd_X11UseLocalhost) }}
Initial commit 2014-12-18 23:12:51 +01:00			`# {{ ansible_managed }}`
Allow overrides, force sftp for Ansible 2014-12-21 21:29:13 +01:00			`{% macro sshd_multiline(key,override) %}`
			`{% if override is defined %}`
			`{% set value = override %}`
			`{% elif sshd[key] is defined %}`
			`{% set value = sshd[key] %}`
			`{% endif %}`
			`{% if value is defined %}`
			`{% for i in value %}`
			`{{ key }} {{ i }}`
			`{% endfor %}`
			`{% endif %}`
			`{% endmacro %}`
			`{% macro sshd_boolean(key,override) %}`
			`{% if override is defined %}`
			`{% set value = override %}`
			`{% elif sshd[key] is defined %}`
			`{% set value = sshd[key] %}`
			`{% endif %}`
			`{% if value is defined %}`
			`{% if value == true %}`
			`{{ key }} yes`
			`{% elif value == false %}`
			`{{ key }} no`
			`{% else %}`
			`{{ key }} {{ value }}`
			`{% endif %}`
			`{% endif %}`
			`{% endmacro -%}`
			`{% macro sshd_value(key,override) -%}`
			`{% if override is defined -%}`
			`{% set value = override -%}`
			`{% elif sshd[key] is defined -%}`
			`{% set value = sshd[key] -%}`
			`{% endif -%}`
			`{% if value is defined -%}`
			`{{ key }} {{ value }}`
			`{% endif -%}`
			`{% endmacro -%}`
			`{{ sshd_multiline("HostKey",sshd_HostKey) }}`
			`{{ sshd_multiline("ListenAddress",sshd_ListenAddress) }}`
			`{{ sshd_multiline("Subsystem",sshd_Subsystem) }}`
			`{{ sshd_value("AcceptEnv",sshd_AcceptEnv) }}`
			`{{ sshd_value("AddressFamily",sshd_AddressFamily) }}`
			`{{ sshd_value("AllowGroups",sshd_AllowGroups) }}`
			`{{ sshd_value("AllowUsers",sshd_AllowUsers) }}`
			`{{ sshd_value("AuthenticationMethods",sshd_AuthenticationMethods) }}`
			`{{ sshd_value("AuthorizedKeysCommand",sshd_AuthorizedKeysCommand) }}`
			`{{ sshd_value("AuthorizedKeysCommandUser",sshd_AuthorizedKeysCommandUser) }}`
			`{{ sshd_value("AuthorizedKeysFile",sshd_AuthorizedKeysFile) }}`
			`{{ sshd_value("AuthorizedPrincipalsFile",sshd_AuthorizedPrincipalsFile) }}`
			`{{ sshd_value("Banner",sshd_Banner) }}`
			`{{ sshd_value("ChrootDirectory",sshd_ChrootDirectory) }}`
			`{{ sshd_value("Ciphers",sshd_Ciphers) }}`
			`{{ sshd_value("ClientAliveCountMax",sshd_ClientAliveCountMax) }}`
			`{{ sshd_value("ClientAliveInterval",sshd_ClientAliveInterval) }}`
			`{{ sshd_value("DenyGroups",sshd_DenyGroups) }}`
			`{{ sshd_value("DenyUsers",sshd_DenyUsers) }}`
			`{{ sshd_value("ForceCommand",sshd_ForceCommand) }}`
			`{{ sshd_value("GSSAPIAuthentication",sshd_GSSAPIAuthentication) }}`
			`{{ sshd_value("GSSAPIKeyExchange",sshd_GSSAPIKeyExchange) }}`
			`{{ sshd_value("HPNBufferSize",sshd_HPNBufferSize) }}`
			`{{ sshd_value("HostCertificate",sshd_HostCertificate) }}`
			`{{ sshd_value("HostKeyAgent",sshd_HostKeyAgent) }}`
			`{{ sshd_value("IPQoS",sshd_IPQoS) }}`
			`{{ sshd_value("KbdInteractiveAuthentication",sshd_KbdInteractiveAuthentication) }}`
			`{{ sshd_value("KexAlgorithms",sshd_KexAlgorithms) }}`
			`{{ sshd_value("KeyRegenerationInterval",sshd_KeyRegenerationInterval) }}`
			`{{ sshd_value("LogLevel",sshd_LogLevel) }}`
			`{{ sshd_value("LoginGraceTime",sshd_LoginGraceTime) }}`
			`{{ sshd_value("MACs",sshd_MACs) }}`
			`{{ sshd_value("MaxAuthTries",sshd_MaxAuthTries) }}`
			`{{ sshd_value("MaxSessions",sshd_MaxSessions) }}`
			`{{ sshd_value("MaxStartups",sshd_MaxStartups) }}`
			`{{ sshd_value("PermitOpen",sshd_PermitOpen) }}`
			`{{ sshd_value("PermitTTY",sshd_PermitTTY) }}`
			`{{ sshd_value("PidFile",sshd_PidFile) }}`
			`{{ sshd_value("Port",sshd_Port) }}`
			`{{ sshd_value("Protocol",sshd_Protocol) }}`
			`{{ sshd_value("RekeyLimit",sshd_RekeyLimit) }}`
			`{{ sshd_value("RevokedKeys",sshd_RevokedKeys) }}`
			`{{ sshd_value("ServerKeyBits",sshd_ServerKeyBits) }}`
			`{{ sshd_value("SyslogFacility",sshd_SyslogFacility) }}`
			`{{ sshd_value("TrustedUserCAKeys",sshd_TrustedUserCAKeys) }}`
			`{{ sshd_value("VersionAddendum",sshd_VersionAddendum) }}`
			`{{ sshd_value("X11DisplayOffset",sshd_X11DisplayOffset) }}`
			`{{ sshd_value("XAuthLocation",sshd_XAuthLocation) }}`
			`{{ sshd_boolean("AllowAgentForwarding",sshd_AllowAgentForwarding) }}`
			`{{ sshd_boolean("AllowTcpForwarding",sshd_AllowTcpForwarding) }}`
			`{{ sshd_boolean("ChallengeResponseAuthentication",sshd_ChallengeResponseAuthentication) }}`
			`{{ sshd_boolean("Compression",sshd_Compression) }}`
			`{{ sshd_boolean("GSSAPICleanupCredentials",sshd_GSSAPICleanupCredentials) }}`
			`{{ sshd_boolean("GSSAPIStoreCredentialsOnRekey",sshd_GSSAPIStoreCredentialsOnRekey) }}`
			`{{ sshd_boolean("GSSAPIStrictAcceptorCheck",sshd_GSSAPIStrictAcceptorCheck) }}`
			`{{ sshd_boolean("GatewayPorts",sshd_GatewayPorts) }}`
			`{{ sshd_boolean("HPNDisabled",sshd_HPNDisabled) }}`
			`{{ sshd_boolean("HostbasedAuthentication",sshd_HostbasedAuthentication) }}`
			`{{ sshd_boolean("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) }}`
			`{{ sshd_boolean("IgnoreRhosts",sshd_IgnoreRhosts) }}`
			`{{ sshd_boolean("IgnoreUserKnownHosts",sshd_IgnoreUserKnownHosts) }}`
			`{{ sshd_boolean("KerberosAuthentication",sshd_KerberosAuthentication) }}`
			`{{ sshd_boolean("KerberosGetAFSToken",sshd_KerberosGetAFSToken) }}`
			`{{ sshd_boolean("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) }}`
			`{{ sshd_boolean("KerberosTicketCleanup",sshd_KerberosTicketCleanup) }}`
			`{{ sshd_boolean("NoneEnabled",sshd_NoneEnabled) }}`
			`{{ sshd_boolean("PasswordAuthentication",sshd_PasswordAuthentication) }}`
			`{{ sshd_boolean("PermitEmptyPasswords",sshd_PermitEmptyPasswords) }}`
			`{{ sshd_boolean("PermitRootLogin",sshd_PermitRootLogin) }}`
			`{{ sshd_boolean("PermitTunnel",sshd_PermitTunnel) }}`
			`{{ sshd_boolean("PermitUserEnvironment",sshd_PermitUserEnvironment) }}`
			`{{ sshd_boolean("PrintLastLog",sshd_PrintLastLog) }}`
			`{{ sshd_boolean("PrintMotd",sshd_PrintMotd) }}`
			`{{ sshd_boolean("PubkeyAuthentication",sshd_PubkeyAuthentication) }}`
			`{{ sshd_boolean("RSAAuthentication",sshd_RSAAuthentication) }}`
			`{{ sshd_boolean("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) }}`
			`{{ sshd_boolean("StrictModes",sshd_StrictModes) }}`
			`{{ sshd_boolean("TCPKeepAlive",sshd_TCPKeepAlive) }}`
			`{{ sshd_boolean("TcpRcvBufPoll",sshd_TcpRcvBufPoll) }}`
			`{{ sshd_boolean("UseDNS",sshd_UseDNS) }}`
			`{{ sshd_boolean("UseLogin",sshd_UseLogin) }}`
			`{{ sshd_boolean("UsePAM",sshd_UsePAM) }}`
			`{{ sshd_boolean("UsePrivilegeSeparation",sshd_UsePrivilegeSeparation) }}`
			`{{ sshd_boolean("X11Forwarding",sshd_X11Forwarding) }}`
			`{{ sshd_boolean("X11UseLocalhost",sshd_X11UseLocalhost) }}`