mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-26 04:50:18 +01:00
Merge pull request #89 from tterranigma/systemd
Adds ability to install a systemd service
commit
b431459b45
26 changed files with 284 additions and 138 deletions
65
README.md
|
@ -44,25 +44,40 @@ Role variables
|
||||||
Unconfigured, this role will provide a sshd_config that matches the OS default,
|
Unconfigured, this role will provide a sshd_config that matches the OS default,
|
||||||
minus the comments and in a different order.
|
minus the comments and in a different order.
|
||||||
|
|
||||||
* sshd_skip_defaults
|
* `sshd_skip_defaults`
|
||||||
|
|
||||||
If set to True, don't apply default values. This means that you must have a
|
If set to True, don't apply default values. This means that you must have a
|
||||||
complete set of configuration defaults via either the sshd dict, or sshd_Key
|
complete set of configuration defaults via either the sshd dict, or sshd_Key
|
||||||
variables. Defaults to *False*.
|
variables. Defaults to *False*.
|
||||||
|
|
||||||
* sshd_manage_service
|
* `sshd_manage_service`
|
||||||
|
|
||||||
If set to False, the service/daemon won't be touched at all, i.e. will not try
|
If set to False, the service/daemon won't be **managed** at all, i.e. will not
|
||||||
to enable on boot or start or reload the service. Defaults to *True* unless
|
try to enable on boot or start or reload the service. Defaults to *True*
|
||||||
running inside a docker container (it is assumed ansible is used during build
|
unless running inside a docker container (it is assumed ansible is used during
|
||||||
phase).
|
build phase).
|
||||||
|
|
||||||
* sshd_allow_reload
|
* `sshd_allow_reload`
|
||||||
|
|
||||||
If set to False, a reload of sshd wont happen on change. This can help with
|
If set to False, a reload of sshd wont happen on change. This can help with
|
||||||
troubleshooting. You'll need to manually reload sshd if you want to apply the
|
troubleshooting. You'll need to manually reload sshd if you want to apply the
|
||||||
changed configuration. Defaults to the same value as ``sshd_manage_service``.
|
changed configuration. Defaults to the same value as ``sshd_manage_service``.
|
||||||
|
|
||||||
|
* `sshd_install_service`
|
||||||
|
|
||||||
|
If set to True, the role will install service files for the ssh service.
|
||||||
|
Defaults to False.
|
||||||
|
|
||||||
|
The templates for the service files to be used are pointed to by the variables
|
||||||
|
|
||||||
|
- `sshd_service_template_service` (__default__: _templates/sshd.service.j2_)
|
||||||
|
- `sshd_service_template_at_service` (__default__: _templates/sshd@.service.j2_)
|
||||||
|
- `sshd_service_template_socket` (__default__: _templates/sshd.socket.j2_)
|
||||||
|
|
||||||
|
Using these variables, you can use your own custom templates. With the above
|
||||||
|
default templates, the name of the installed ssh service will be provided by
|
||||||
|
the `sshd_service` variable.
|
||||||
|
|
||||||
* sshd
|
* sshd
|
||||||
|
|
||||||
A dict containing configuration. e.g.
|
A dict containing configuration. e.g.
|
||||||
|
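Review bot: The `sshd_install_service` entry does not say that the option is systemd-only. tasks/install.yml in this commit writes the three unit files to /etc/systemd/system whenever the flag is true, with no check on the service manager, while the role's vars files also cover platforms that set `__sshd_config_group: wheel`. Suggest stating the systemd requirement here, and noting that with the default templates a unit named after `sshd_service` in /etc/systemd/system takes precedence over the distribution's packaged unit of the same name.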
@ -74,7 +89,7 @@ sshd:
|
||||||
- 0.0.0.0
|
- 0.0.0.0
|
||||||
```
|
```
|
||||||
|
|
||||||
* ssh_...
|
* `ssh_...`
|
||||||
|
|
||||||
Simple variables can be used rather than a dict. Simple values override dict
|
Simple variables can be used rather than a dict. Simple values override dict
|
||||||
values. e.g.:
|
values. e.g.:
|
||||||
|
@ -99,14 +114,44 @@ ListenAddress 0.0.0.0
|
||||||
ListenAddress ::
|
ListenAddress ::
|
||||||
```
|
```
|
||||||
|
|
||||||
* sshd_match
|
* `sshd_match`
|
||||||
|
|
||||||
A list of dicts for a match section. See the example playbook.
|
A list of dicts for a match section. See the example playbook.
|
||||||
|
|
||||||
* sshd_match_1 through sshd_match_9
|
* `sshd_match_1` through `sshd_match_9`
|
||||||
|
|
||||||
A list of dicts or just a dict for a Match section.
|
A list of dicts or just a dict for a Match section.
|
||||||
|
|
||||||
|
### Secondary role variables
|
||||||
|
|
||||||
|
These variables are used by the role internals and can be used to override the
|
||||||
|
defaults that correspond to each supported platform.
|
||||||
|
|
||||||
|
* `sshd_packages`
|
||||||
|
|
||||||
|
Use this variable to override the default list of packages to install.
|
||||||
|
|
||||||
|
* `sshd_config_owner`, `sshd_config_group`, `sshd_config_mode`
|
||||||
|
|
||||||
|
Use these variables to set the ownership and permissions for the openssh config
|
||||||
|
file that this role produces.
|
||||||
|
|
||||||
|
* `sshd_config_file`
|
||||||
|
|
||||||
|
The path where the openssh configuration produced by this role should be saved.
|
||||||
|
|
||||||
|
* `sshd_binary`
|
||||||
|
|
||||||
|
The path to the openssh executable
|
||||||
|
|
||||||
|
* `sshd_service`
|
||||||
|
|
||||||
|
The name of the openssh service. By default, this variable contains the name of
|
||||||
|
the ssh service that the target platform uses. But it can also be used to set
|
||||||
|
the name of the custom ssh service when the `sshd_install_service` variable is
|
||||||
|
used.
|
||||||
|
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
|
|
@ -2,26 +2,41 @@
|
||||||
### USER OPTIONS
|
### USER OPTIONS
|
||||||
# Don't apply OS defaults when set to true
|
# Don't apply OS defaults when set to true
|
||||||
sshd_skip_defaults: false
|
sshd_skip_defaults: false
|
||||||
|
|
||||||
# If the below is false, don't manage the service or reload the SSH
|
# If the below is false, don't manage the service or reload the SSH
|
||||||
# daemon at all
|
# daemon at all
|
||||||
sshd_manage_service: true
|
sshd_manage_service: true
|
||||||
|
|
||||||
|
# If the below is true, also install service files from the templates pointed
|
||||||
|
# to by the `sshd_service_template_*` variables
|
||||||
|
sshd_install_service: false
|
||||||
|
sshd_service_template_service: sshd.service.j2
|
||||||
|
sshd_service_template_at_service: sshd@.service.j2
|
||||||
|
sshd_service_template_socket: sshd.socket.j2
|
||||||
|
|
||||||
# If the below is false, don't reload the ssh daemon on change
|
# If the below is false, don't reload the ssh daemon on change
|
||||||
sshd_allow_reload: true
|
sshd_allow_reload: true
|
||||||
|
|
||||||
# If the below is true, create a backup of the config file when the template is copied
|
# If the below is true, create a backup of the config file when the template is copied
|
||||||
sshd_backup: false
|
sshd_backup: false
|
||||||
|
|
||||||
# Empty dicts to avoid errors
|
# Empty dicts to avoid errors
|
||||||
sshd: {}
|
sshd: {}
|
||||||
|
|
||||||
### VARS DEFAULTS
|
### VARS DEFAULTS
|
||||||
### The following are defaults for OS specific configuration in var files in
|
### The following are defaults for OS specific configuration in var files in
|
||||||
### this role. They should not be set by role users.
|
### this role. They should not be set directly by role users. If you really
|
||||||
sshd_packages: []
|
### need to override them, use the corresponding, unprefixed variables (eg
|
||||||
sshd_config_owner: root
|
### `sshd_packages` to override __sshd_packages).
|
||||||
sshd_config_group: root
|
__sshd_packages: []
|
||||||
sshd_config_mode: "0600"
|
__sshd_config_owner: root
|
||||||
sshd_config_file: /etc/ssh/sshd_config
|
__sshd_config_group: root
|
||||||
sshd_binary: /usr/sbin/sshd
|
__sshd_config_mode: "0600"
|
||||||
sshd_service: sshd
|
__sshd_config_file: /etc/ssh/sshd_config
|
||||||
sshd_sftp_server: /usr/lib/openssh/sftp-server
|
__sshd_binary: /usr/sbin/sshd
|
||||||
sshd_defaults: {}
|
__sshd_service: sshd
|
||||||
sshd_os_supported: no
|
|
||||||
|
### These variables are used by role internals and should not be used.
|
||||||
|
__sshd_sftp_server: /usr/lib/openssh/sftp-server
|
||||||
|
__sshd_defaults: {}
|
||||||
|
__sshd_os_supported: no
|
||||||
|
|
|
@ -21,8 +21,8 @@
|
||||||
{% set value = override %}
|
{% set value = override %}
|
||||||
{% elif sshd[key] is defined %}
|
{% elif sshd[key] is defined %}
|
||||||
{% set value = sshd[key] %}
|
{% set value = sshd[key] %}
|
||||||
{% elif sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
||||||
{% set value = sshd_defaults[key] %}
|
{% set value = __sshd_defaults[key] %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{{ render_option(key,value) -}}
|
{{ render_option(key,value) -}}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
48
tasks/install.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: OS is supported
|
||||||
|
assert:
|
||||||
|
that: __sshd_os_supported == True
|
||||||
|
|
||||||
|
- name: Install ssh packages
|
||||||
|
package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ sshd_packages }}"
|
||||||
|
|
||||||
|
- name: Configuration
|
||||||
|
template:
|
||||||
|
src: sshd_config.j2
|
||||||
|
dest: "{{ sshd_config_file }}"
|
||||||
|
owner: "{{ sshd_config_owner }}"
|
||||||
|
group: "{{ sshd_config_group }}"
|
||||||
|
mode: "{{ sshd_config_mode }}"
|
||||||
|
validate: "{{ sshd_binary }} -t -f %s"
|
||||||
|
notify: reload_sshd
|
||||||
|
|
||||||
|
- name: Install systemd service files
|
||||||
|
block:
|
||||||
|
- template:
|
||||||
|
src: "{{ sshd_service_template_service }}"
|
||||||
|
dest: "/etc/systemd/system/{{ sshd_service }}.service"
|
||||||
|
notify: reload_sshd
|
||||||
|
- template:
|
||||||
|
src: "{{ sshd_service_template_at_service }}"
|
||||||
|
dest: "/etc/systemd/system/{{ sshd_service }}@.service"
|
||||||
|
notify: reload_sshd
|
||||||
|
- template:
|
||||||
|
src: "{{ sshd_service_template_socket }}"
|
||||||
|
dest: "/etc/systemd/system/{{ sshd_service }}.socket"
|
||||||
|
notify: reload_sshd
|
||||||
|
when: sshd_install_service
|
||||||
|
|
||||||
|
- name: Service enabled and running
|
||||||
|
service:
|
||||||
|
name: "{{ sshd_service }}"
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
when: "sshd_manage_service and ansible_virtualization_type|default(None) != 'docker'"
|
||||||
|
|
||||||
|
- name: Register that this role has run
|
||||||
|
set_fact: sshd_has_run=true
|
||||||
|
when: sshd_has_run is not defined
|
|
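Review bot: The `Configuration` task here has lost `backup: "{{ sshd_backup }}"`, which the task removed from tasks/main.yml still carried; `sshd_backup` remains in defaults/main.yml but no longer has any effect. Suggest restoring the line. Separately, the three `template` tasks in the `Install systemd service files` block are unnamed and set no `owner`, `group` or `mode`, so the unit files inherit whatever the connecting user and umask produce; setting `owner: root`, `group: root` and `mode: "0644"` explicitly would make that deterministic. They also notify only `reload_sshd`: unless that handler performs a systemd daemon-reload, new or changed unit files will not be picked up before the `Service enabled and running` task runs.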
@ -1,41 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Set OS dependent variables
|
|
||||||
include_vars: "{{ item }}"
|
|
||||||
with_first_found:
|
|
||||||
- "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
|
|
||||||
- "{{ ansible_distribution }}.yml"
|
|
||||||
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
|
|
||||||
- "{{ ansible_os_family }}.yml"
|
|
||||||
- default.yml
|
|
||||||
|
|
||||||
- name: OS is supported
|
- include_tasks: variables.yml
|
||||||
assert:
|
|
||||||
that: sshd_os_supported == True
|
|
||||||
|
|
||||||
- name: Install ssh packages
|
- include_tasks: install.yml
|
||||||
package:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items: "{{ sshd_packages }}"
|
|
||||||
|
|
||||||
- name: Configuration
|
|
||||||
template:
|
|
||||||
src: sshd_config.j2
|
|
||||||
dest: "{{ sshd_config_file }}"
|
|
||||||
owner: "{{ sshd_config_owner }}"
|
|
||||||
group: "{{ sshd_config_group }}"
|
|
||||||
mode: "{{ sshd_config_mode }}"
|
|
||||||
backup: "{{ sshd_backup }}"
|
|
||||||
validate: "{{ sshd_binary }} -t -f %s"
|
|
||||||
notify: reload_sshd
|
|
||||||
|
|
||||||
- name: Service enabled and running
|
|
||||||
service:
|
|
||||||
name: "{{ sshd_service }}"
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
when: "sshd_manage_service and ansible_virtualization_type|default(None) != 'docker'"
|
|
||||||
|
|
||||||
- name: Register that this role has run
|
|
||||||
set_fact: sshd_has_run=true
|
|
||||||
when: sshd_has_run is not defined
|
|
||||||
|
|
37
tasks/variables.yml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Set OS dependent variables
|
||||||
|
include_vars: "{{ item }}"
|
||||||
|
with_first_found:
|
||||||
|
- "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
|
||||||
|
- "{{ ansible_distribution }}.yml"
|
||||||
|
- "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
|
||||||
|
- "{{ ansible_os_family }}.yml"
|
||||||
|
- default.yml
|
||||||
|
|
||||||
|
- name: Override OS defaults
|
||||||
|
block:
|
||||||
|
- set_fact:
|
||||||
|
sshd_packages: "{{ __sshd_packages }}"
|
||||||
|
when: sshd_packages is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_config_owner: "{{ __sshd_config_owner }}"
|
||||||
|
when: sshd_config_owner is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_config_group: "{{ __sshd_config_group }}"
|
||||||
|
when: sshd_config_group is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_config_mode: "{{ __sshd_config_mode }}"
|
||||||
|
when: sshd_config_mode is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_config_file: "{{ __sshd_config_file }}"
|
||||||
|
when: sshd_config_file is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_binary: "{{ __sshd_binary }}"
|
||||||
|
when: sshd_binary is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_service: "{{ __sshd_service }}"
|
||||||
|
when: sshd_service is not defined
|
||||||
|
- set_fact:
|
||||||
|
sshd_sftp_server: "{{ __sshd_sftp_server }}"
|
||||||
|
when: sshd_sftp_server is not defined
|
17
templates/sshd.service.j2
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
[Unit]
|
||||||
|
Description=OpenBSD Secure Shell server
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStartPre={{ sshd_binary }} -t
|
||||||
|
ExecStart={{ sshd_binary }} -D -f {{ sshd_config_file }}
|
||||||
|
ExecReload={{ sshd_binary }} -t
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
KillMode=process
|
||||||
|
Restart=on-failure
|
||||||
|
RestartPreventExitStatus=255
|
||||||
|
Type=notify
|
||||||
|
RuntimeDirectory={{ sshd_binary }}
|
||||||
|
RuntimeDirectoryMode=0755
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
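Review bot: `RuntimeDirectory={{ sshd_binary }}` renders to an absolute path such as /usr/sbin/sshd (the default in defaults/main.yml), but systemd expects a name relative to /run there and rejects absolute paths. Suggest a fixed name such as `RuntimeDirectory=sshd`. Also, `ExecStartPre={{ sshd_binary }} -t` and the first `ExecReload=` line test the built-in default config path, not the file that `ExecStart` passes with `-f {{ sshd_config_file }}`; add `-f {{ sshd_config_file }}` to both so that a non-default `sshd_config_file` is the one validated before start and reload.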
11
templates/sshd.socket.j2
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
[Unit]
|
||||||
|
Description=OpenBSD Secure Shell server socket
|
||||||
|
Before={{ sshd_service }}.service
|
||||||
|
Conflicts={{sshd_service }}.service
|
||||||
|
|
||||||
|
[Socket]
|
||||||
|
ListenStream=22
|
||||||
|
Accept=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sockets.target
|
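Review bot: `ListenStream=22` is hard-coded, so under socket activation the listening port and address come from this unit, and any `Port` or `ListenAddress` set through the `sshd` dict or the `sshd_...` variables is not what the host actually listens on. Suggest templating the value from the role's configuration, or documenting that a custom socket template is required when the port is changed. Minor: `Conflicts={{sshd_service }}.service` is missing the space after `{{`.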
9
templates/sshd@.service.j2
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
[Unit]
|
||||||
|
Description=OpenBSD Secure Shell server per-connection daemon
|
||||||
|
After=auditd.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=-{{ sshd_binary }} -i -f {{ sshd_config_file }}
|
||||||
|
StandardInput=socket
|
||||||
|
RuntimeDirectory={{ sshd_binary }}
|
||||||
|
RuntimeDirectoryMode=0755
|
|
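Review bot: `RuntimeDirectory={{ sshd_binary }}` expands to an absolute path, and systemd accepts only names relative to /run for this setting. In addition, with the socket unit's `Accept=yes` every connection gets its own instance of this unit, and systemd removes a runtime directory when the unit that owns it stops, so one session ending deletes the directory for the others. Suggest `RuntimeDirectory=sshd` together with `RuntimeDirectoryPreserve=yes`.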
@ -21,8 +21,8 @@
|
||||||
{% set value = override %}
|
{% set value = override %}
|
||||||
{% elif sshd[key] is defined %}
|
{% elif sshd[key] is defined %}
|
||||||
{% set value = sshd[key] %}
|
{% set value = sshd[key] %}
|
||||||
{% elif sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %}
|
||||||
{% set value = sshd_defaults[key] %}
|
{% set value = __sshd_defaults[key] %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{{ render_option(key,value) -}}
|
{{ render_option(key,value) -}}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
sshd_config_mode: '0644'
|
__sshd_config_mode: '0644'
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh
|
- openssh
|
||||||
- openssh-server
|
- openssh-server
|
||||||
sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
SyslogFacility: AUTHPRIV
|
SyslogFacility: AUTHPRIV
|
||||||
PermitRootLogin: forced-commands-only
|
PermitRootLogin: forced-commands-only
|
||||||
AuthorizedKeysFile: .ssh/authorized_keys
|
AuthorizedKeysFile: .ssh/authorized_keys
|
||||||
|
@ -20,4 +20,4 @@ sshd_defaults:
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh
|
- openssh
|
||||||
sshd_sftp_server: /usr/lib/ssh/sftp-server
|
__sshd_sftp_server: /usr/lib/ssh/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
AuthorizedKeysFile: .ssh/authorized_keys
|
AuthorizedKeysFile: .ssh/authorized_keys
|
||||||
ChallengeResponseAuthentication: no
|
ChallengeResponseAuthentication: no
|
||||||
PrintMotd: no
|
PrintMotd: no
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
---
|
---
|
||||||
# There is no package manager in CoreOS
|
# There is no package manager in CoreOS
|
||||||
sshd_packages: []
|
__sshd_packages: []
|
||||||
sshd_service: sshd
|
__sshd_service: sshd
|
||||||
sshd_sftp_server: internal-sftp
|
__sshd_sftp_server: internal-sftp
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
ClientAliveInterval: 180
|
ClientAliveInterval: 180
|
||||||
UseDNS: no
|
UseDNS: no
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
PrintLastLog: no
|
PrintLastLog: no
|
||||||
PrintMotd: no
|
PrintMotd: no
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -33,4 +33,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
- openssh-sftp-server
|
- openssh-sftp-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -35,4 +35,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
- openssh-sftp-server
|
- openssh-sftp-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -31,4 +31,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh
|
- openssh
|
||||||
- openssh-server
|
- openssh-server
|
||||||
sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
HostKey:
|
HostKey:
|
||||||
- /etc/ssh/ssh_host_rsa_key
|
- /etc/ssh/ssh_host_rsa_key
|
||||||
- /etc/ssh/ssh_host_ecdsa_key
|
- /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
@ -23,4 +23,4 @@ sshd_defaults:
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
sshd_config_group: wheel
|
__sshd_config_group: wheel
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_sftp_server: /usr/libexec/sftp-server
|
__sshd_sftp_server: /usr/libexec/sftp-server
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
sshd_config_group: wheel
|
__sshd_config_group: wheel
|
||||||
sshd_config_mode: "0600"
|
__sshd_config_mode: "0600"
|
||||||
sshd_sftp_server: /usr/libexec/sftp-server
|
__sshd_sftp_server: /usr/libexec/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
AuthorizedKeysFile: .ssh/authorized_keys
|
AuthorizedKeysFile: .ssh/authorized_keys
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
sshd_manage_var_run: no
|
__sshd_manage_var_run: no
|
||||||
|
|
|
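Review bot: `sshd_manage_var_run` is renamed to `__sshd_manage_var_run` on the last line of this hunk, but tasks/variables.yml in this commit has no `set_fact` mapping it back to the unprefixed name, and defaults/main.yml declares no `__sshd_manage_var_run` default. Any task or template still reading `sshd_manage_var_run` will now find it undefined; either add the mapping and a default alongside the other eight, or confirm that every consumer was switched to the prefixed name.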
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh
|
- openssh
|
||||||
- openssh-server
|
- openssh-server
|
||||||
sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
SyslogFacility: AUTHPRIV
|
SyslogFacility: AUTHPRIV
|
||||||
PasswordAuthentication: yes
|
PasswordAuthentication: yes
|
||||||
|
@ -18,4 +18,4 @@ sshd_defaults:
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
X11Forwarding: yes
|
X11Forwarding: yes
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh
|
- openssh
|
||||||
- openssh-server
|
- openssh-server
|
||||||
sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
HostKey:
|
HostKey:
|
||||||
- /etc/ssh/ssh_host_rsa_key
|
- /etc/ssh/ssh_host_rsa_key
|
||||||
- /etc/ssh/ssh_host_ecdsa_key
|
- /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
@ -25,4 +25,4 @@ sshd_defaults:
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh
|
- openssh
|
||||||
sshd_sftp_server: /usr/lib/ssh/sftp-server
|
__sshd_sftp_server: /usr/lib/ssh/sftp-server
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
HostKey:
|
HostKey:
|
||||||
- /etc/ssh/ssh_host_rsa_key
|
- /etc/ssh/ssh_host_rsa_key
|
||||||
- /etc/ssh/ssh_host_ecdsa_key
|
- /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
@ -22,4 +22,4 @@ sshd_defaults:
|
||||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||||
- XMODIFIERS
|
- XMODIFIERS
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -33,4 +33,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
- openssh-sftp-server
|
- openssh-sftp-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -35,4 +35,4 @@ sshd_defaults:
|
||||||
AcceptEnv: LANG LC_*
|
AcceptEnv: LANG LC_*
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
- openssh-sftp-server
|
- openssh-sftp-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -37,4 +37,4 @@ sshd_defaults:
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
UseDNS: no
|
UseDNS: no
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
---
|
---
|
||||||
sshd_service: ssh
|
__sshd_service: ssh
|
||||||
sshd_packages:
|
__sshd_packages:
|
||||||
- openssh-server
|
- openssh-server
|
||||||
- openssh-sftp-server
|
- openssh-sftp-server
|
||||||
sshd_config_mode: "0644"
|
__sshd_config_mode: "0644"
|
||||||
sshd_defaults:
|
__sshd_defaults:
|
||||||
Port: 22
|
Port: 22
|
||||||
Protocol: 2
|
Protocol: 2
|
||||||
HostKey:
|
HostKey:
|
||||||
|
@ -37,4 +37,4 @@ sshd_defaults:
|
||||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||||
UsePAM: yes
|
UsePAM: yes
|
||||||
UseDNS: no
|
UseDNS: no
|
||||||
sshd_os_supported: yes
|
__sshd_os_supported: yes
|
||||||
|
|