ansible-sshd/README.md

OpenSSH Server
==============

This role configures the OpenSSH daemon. It:

* By default, configures the SSH daemon with the normal OS defaults.
* Works across a variety of UN*X-like distributions.
* Can be configured by dict or simple variables.
* Supports Match sets.
* Supports all sshd_config options. Templates are programmatically generated
  (see [meta/make_option_list](meta/make_option_list)).
* Tests the sshd_config before reloading sshd.

Requirements
------------

Tested on:

* Ubuntu precise, trusty
* Debian wheezy, jessie
* FreeBSD 10.1
* EL 6,7 derived distributions

It will likely work on other flavours and more direct support via suitable
[vars/](vars/) files is welcome.

Role variables
---------------

* Unconfigured, this role will provide a sshd_config that matches the OS default,
  minus the comments and in a different order.
* Defaults can be disabled by setting `sshd_skip_defaults: true`
* Supports use of a dict to configure items:

```yaml
sshd:
  Compression: delayed
  ListenAddress:
    - 0.0.0.0
```

* Simple variables can be used rather than a dict. Simple values override dict
  values:

```yaml
sshd_Compression: off
```

* Correctly interprets booleans as yes and no in sshd configuration
* Supports lists for multi-line configuration items:

```yaml
sshd_ListenAddress:
  - 0.0.0.0
  - '::'
```

* Supports Match sections via `Match` in the `sshd` dict, via `sshd_match`, and
  via any of `sshd_match_1` through `sshd_match_9`. Match items can be either a
  dict or an array.

Example Playbook
----------------

```yaml
---
- hosts: all
  vars:
    sshd_skip_defaults: true
    sshd:
      Compression: true
      ListenAddress:
        - "0.0.0.0"
        - "::"
      GSSAPIAuthentication: no
      Match:
        - Condition: "Group user"
          GSSAPIAuthentication: yes
    sshd_UsePrivilegeSeparation: sandbox
    sshd_match:
      - Condition: "Group xusers"
        X11Forwarding: yes
  roles:
    - role: willshersystems.sshd
```

Results in:

```
# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
  GSSAPIAuthentication yes
Match Group xusers
  X11Forwarding yes
```
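
The rules listed under Role variables (simple values override dict values, booleans become yes/no, lists expand to one line per item, Match blocks come from several variables) can be modelled in a few lines of Python. This is an added illustration, not the role's own Jinja2 template; the alphabetical option order, the order in which Match sources are concatenated, the capitalised-name test for simple variables and the `SAMPLE` values are assumptions.

```python
# Added illustration of the README's variable rules; not the role's template.
def fmt(value):
    """Render YAML booleans as sshd's yes/no, everything else as text."""
    if isinstance(value, bool):
        return "yes" if value else "no"
    return str(value)

def as_list(item):
    """Accept a single item or a list (Match sources may be dict or array)."""
    if item is None:
        return []
    return list(item) if isinstance(item, list) else [item]

def emit(options, indent=""):
    lines = []
    for key in sorted(options):  # assumption: options emitted sorted by name
        for value in as_list(options[key]):  # a list gives one line per item
            lines.append(f"{indent}{key} {fmt(value)}")
    return lines

def render(role_vars):
    base = dict(role_vars.get("sshd", {}))
    matches = as_list(base.pop("Match", None))
    for name in ["sshd_match"] + [f"sshd_match_{i}" for i in range(1, 10)]:
        matches += as_list(role_vars.get(name))
    for name, value in role_vars.items():
        # assumption: sshd_<Option> with a capitalised name is a simple variable
        if name.startswith("sshd_") and name[5:6].isupper():
            base[name[5:]] = value  # simple value overrides the dict value
    lines = emit(base)
    for block in matches:
        block = dict(block)  # copy so the caller's vars are not modified
        lines.append(f"Match {block.pop('Condition')}")
        lines += emit(block, indent="  ")
    return lines

# Constructed sample standing in for parsed playbook vars.
SAMPLE = {
    "sshd": {
        "PasswordAuthentication": True,
        "ListenAddress": ["0.0.0.0", "::"],
        "Match": [{"Condition": "Group sftponly", "X11Forwarding": False}],
    },
    "sshd_PasswordAuthentication": False,
    "sshd_match": {"Condition": "User backup", "PermitTTY": False},
}

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

In the sample, the dict enables `PasswordAuthentication` but the simple variable disables it, so the effective global line is `PasswordAuthentication no`; checking which of the two forms is set where is worth doing when a hardening value lives in one file and an override in another.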

License
-------

LGPLv3

Author
------

Matt Willsher <matt@willsher.systems>

Copyright 2014,2015 Willsher Systems