2014-12-18 23:12:51 +01:00
# Ansible OpenSSH Daemon Role
2014-12-22 21:18:35 +01:00
This role configures the OpenSSH daemon. It:
2014-12-18 23:12:51 +01:00
2014-12-22 21:18:35 +01:00
- By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting `sshd_skip_defaults: true`
- Supports use of a dict to configure items:
```yaml
2014-12-21 21:39:44 +01:00
sshd:
Compression: delayed
ListenAddress:
- 0.0.0.0
```
2014-12-18 23:12:51 +01:00
2014-12-22 21:18:35 +01:00
- Can use scalars rather than a dict. Scalar values override dict values:
```yaml
sshd_Compression: off
```
- Correctly interprets booleans as yes and no in sshd configuration
2014-12-25 13:13:34 +01:00
- Supports lists for multi line configuration items:
```yaml
sshd_ListenAddress:
- 0.0.0.0
- ::
```
2014-12-22 21:18:35 +01:00
- Tests the sshd_config before reloading sshd
2014-12-25 13:13:34 +01:00
- Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run `./make_option_list >../templates/sshd_config.j2`
- Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.
## Complete example
```yaml
---
sshd_skip_defaults: true
sshd:
Compression: true
ListenAddres:
- "0.0.0.0"
- "::"
GSSAPIAuthentication: no
Match:
- Condition: "Group user"
GSSAPIAuthentication: yes
sshd_UsePrivilegeSeparation: sandbox
sshd_match:
- Condition: "Group xusers"
X11Forwarding: yes
```
Results in:
```
# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
GSSAPIAuthentication yes
Match Group xusers
X11Forwarding yes
```
2014-12-26 11:09:34 +01:00
### Author
Copyright 2014 Matt Willsher
Code in this repository is licensed under the LGPLv3 license. See LICENSE for full details.
