Merge branch 'master' of https://github.com/willshersystems/ansible-sshd

2024-11-10 05:33:29 +01:00 · 2019-12-21 09:56:56 +01:00 · 2019-12-21 09:56:56 +01:00 · 643b3c1dbd
commit 643b3c1dbd
parent cca93d5c6d e70dbc3007
5 changed files with 80 additions and 1 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -18,7 +18,7 @@
 - name: Reload sshd Service (AIX)
  shell: |
    stopsrc -s sshd
-    until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done 
+    until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done
    startsrc -s sshd
  listen: reload_sshd
  when:
--- a/meta/main.yml
+++ b/meta/main.yml
@ -10,6 +10,8 @@ galaxy_info:
    versions:
    - wheezy
    - jessie
+    - stretch
+    - buster
  - name: Ubuntu
    versions:
    - precise
--- a/vars/Debian_10.yml
+++ b/vars/Debian_10.yml
@ -0,0 +1,35 @@
+---
+__sshd_service: ssh
+__sshd_packages:
+  - openssh-server
+  - openssh-sftp-server
+__sshd_config_mode: "0644"
+__sshd_defaults:
+  Port: 22
+  Protocol: 2
+  HostKey:
+    - /etc/ssh/ssh_host_rsa_key
+    - /etc/ssh/ssh_host_ed25519_key
+  HostKeyAlgorithms: ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com 
+  KexAlgorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
+  MACs: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
+  SyslogFacility: AUTH
+  LogLevel: INFO
+  LoginGraceTime: 120
+  PermitRootLogin: without-password
+  StrictModes: yes
+  PubkeyAuthentication: yes
+  IgnoreRhosts: yes
+  HostbasedAuthentication: no
+  PermitEmptyPasswords: no
+  ChallengeResponseAuthentication: no
+  X11Forwarding: yes
+  X11DisplayOffset: 10
+  PrintMotd: no
+  PrintLastLog: yes
+  TCPKeepAlive: yes
+  AcceptEnv: LANG LC_*
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+  UsePAM: yes
+__sshd_os_supported: yes
+
--- a/vars/RedHat_8.yml
+++ b/vars/RedHat_8.yml
@ -0,0 +1,28 @@
+---
+__sshd_packages:
+  - openssh
+  - openssh-server
+__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+__sshd_defaults:
+  HostKey:
+    - /etc/ssh/ssh_host_rsa_key
+    - /etc/ssh/ssh_host_ecdsa_key
+    - /etc/ssh/ssh_host_ed25519_key
+  SyslogFacility: AUTHPRIV
+  AuthorizedKeysFile: .ssh/authorized_keys
+  PasswordAuthentication: yes
+  ChallengeResponseAuthentication: no
+  GSSAPIAuthentication: yes
+  GSSAPICleanupCredentials: no
+# Note that UsePAM: no is not supported under RHEL/CentOS. See
+# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
+  UsePAM: yes
+  X11Forwarding: yes
+  PrintMotd: no
+  AcceptEnv:
+    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+    - LC_IDENTIFICATION LC_ALL LANGUAGE
+    - XMODIFIERS
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+__sshd_os_supported: yes
--- a/vars/openSUSE
+++ b/vars/openSUSE
@ -0,0 +1,14 @@
+---
+__sshd_packages:
+  - openssh
+__sshd_sftp_server: /usr/lib/ssh/sftp-server
+__sshd_defaults:
+  AuthorizedKeysFile: .ssh/authorized_keys
+  UsePAM: yes
+  X11Forwarding: yes
+  AcceptEnv:
+    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+    - LC_IDENTIFICATION LC_ALL
+  Subsystem: "sftp {{ sshd_sftp_server }}"
+__sshd_os_supported: yes