2024-01-08 18:23:25 +01:00
|
|
|
---
|
2024-10-24 18:59:04 +02:00
|
|
|
__sshd_config: "{{ sshd_config | default({}) or sshd | default({}) }}"
|
2021-06-02 14:21:40 +02:00
|
|
|
__sshd_config_file: "/etc/ssh/sshd_config"
|
|
|
|
__sshd_config_owner: "root"
|
|
|
|
__sshd_config_group: "root"
|
|
|
|
__sshd_config_mode: "0600"
|
|
|
|
__sshd_hostkey_owner: "root"
|
|
|
|
__sshd_hostkey_group: "root"
|
|
|
|
__sshd_hostkey_mode: "0600"
|
2023-09-11 15:39:03 +02:00
|
|
|
__sshd_trustedusercakeys_directory_owner: "root"
|
|
|
|
__sshd_trustedusercakeys_directory_group: "root"
|
|
|
|
__sshd_trustedusercakeys_directory_mode: "0755"
|
|
|
|
__sshd_trustedusercakeys_file_owner: "root"
|
|
|
|
__sshd_trustedusercakeys_file_group: "root"
|
|
|
|
__sshd_trustedusercakeys_file_mode: "0640"
|
|
|
|
__sshd_authorizedprincipals_directory_owner: "root"
|
|
|
|
__sshd_authorizedprincipals_directory_group: "root"
|
|
|
|
__sshd_authorizedprincipals_directory_mode: "0755"
|
|
|
|
__sshd_authorizedprincipals_file_owner: "root"
|
|
|
|
__sshd_authorizedprincipals_file_group: "root"
|
|
|
|
__sshd_authorizedprincipals_file_mode: "0644"
|
2021-08-06 20:52:42 +02:00
|
|
|
# The OpenSSH 5.3 in RHEL6 does not support "Match all" so we need a workaround
|
|
|
|
__sshd_compat_match_all: Match all
|
2021-11-10 09:18:40 +01:00
|
|
|
# The hostkeys not supported in FIPS mode, if applicable
|
|
|
|
__sshd_hostkeys_nofips: []
|
2022-04-12 21:17:44 +02:00
|
|
|
|
|
|
|
__sshd_required_facts:
|
|
|
|
- distribution
|
|
|
|
- distribution_major_version
|
|
|
|
- os_family
|
2022-08-17 14:05:10 +02:00
|
|
|
|
|
|
|
__sshd_skip_virt_env:
|
|
|
|
- docker
|
|
|
|
- podman
|
|
|
|
- container
|
|
|
|
- containerd
|
|
|
|
- VirtualPC
|
|
|
|
|
|
|
|
__sshd_binary: /usr/sbin/sshd
|
|
|
|
__sshd_service: sshd
|
|
|
|
__sshd_sftp_server: /usr/lib/openssh/sftp-server
|
|
|
|
|
|
|
|
__sshd_defaults: {}
|
2023-04-10 22:19:29 +02:00
|
|
|
__sshd_os_supported: false
|
2022-08-17 14:05:10 +02:00
|
|
|
__sshd_sysconfig_supports_crypto_policy: false
|
|
|
|
__sshd_sysconfig_supports_use_strong_rng: false
|
|
|
|
|
2022-09-26 16:43:15 +02:00
|
|
|
# The runtime directory is used by systemd to provide termoporary directory for the service
|
|
|
|
# This is used as a RuntimeDirectory= option in the service file and it needs to exist
|
|
|
|
# before running sshd for example in the validate mode.
|
2022-08-17 16:34:35 +02:00
|
|
|
__sshd_runtime_directory: ~
|
2022-08-17 14:05:10 +02:00
|
|
|
__sshd_runtime_directory_mode: "0755"
|
|
|
|
|
|
|
|
# this is the path to the main sshd_config which is checked for Include directive when
|
|
|
|
# drop-in directory is used
|
2022-08-17 16:34:35 +02:00
|
|
|
__sshd_main_config_file: ~
|
|
|
|
|
2024-10-24 18:59:04 +02:00
|
|
|
__sshd_drop_in_dir_mode: "0755"
|
2022-08-17 14:05:10 +02:00
|
|
|
|
|
|
|
# The list of hostkeys to check when there are none listed in configuration file.
|
|
|
|
# This is usually the case when the selection is up to the OpenSSH defaults or
|
|
|
|
# drop-in directory is used.
|
|
|
|
__sshd_verify_hostkeys_default: []
|
2022-09-26 16:33:28 +02:00
|
|
|
|
|
|
|
# This switch can control if the validate step is supported by the target OS.
|
|
|
|
# This is useful for very old OpenSSH or for tests that generate invalid configurations
|
|
|
|
__sshd_supports_validate: true
|
2023-10-30 17:51:44 +01:00
|
|
|
|
|
|
|
# The path to an environment file for the SSHD service
|
|
|
|
__sshd_environment_file: ~
|
2024-02-06 10:09:06 +01:00
|
|
|
__sshd_environment_file_mandatory: false
|
2023-10-30 17:51:44 +01:00
|
|
|
|
|
|
|
# The variable name we are passing from the environment file as an argument to the sshd
|
|
|
|
__sshd_environment_variable: $OPTIONS
|
|
|
|
|
|
|
|
# The systemd targets that need to be up before starting the service.
|
|
|
|
# The `network.target` is included by default in the main sshd.service (not the instantiated one)
|
|
|
|
__sshd_service_after: ~
|
|
|
|
|
|
|
|
# The systemd service name alias
|
|
|
|
__sshd_service_alias: ~
|
|
|
|
|
|
|
|
# The systemd service wants directive
|
|
|
|
__sshd_service_wants: ~
|
|
|
|
|
|
|
|
# The systemd service RestartSec directive
|
|
|
|
__sshd_service_restart_timeout: ~
|
|
|
|
|
|
|
|
# The systemd socket file does not accept the connection
|
|
|
|
__sshd_socket_accept: true
|
2024-06-21 10:12:02 +02:00
|
|
|
|
|
|
|
# Boolean to control if the systemd socket can be bound to non-local IP addresses
|
|
|
|
__sshd_socket_freebind: ~
|
|
|
|
|
|
|
|
# Space separated list of service names that this socket is required by
|
|
|
|
__sshd_socket_required_by: ~
|