libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-11-22 11:00:19 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add configuration options from OpenSSH 8.6

Browse source
This commit is contained in:
Jakub Jelen 2021-06-11 22:10:57 +02:00 committed by Jakub Jelen
parent d1446017e9
commit c4db22f16d
4 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
meta/options_body
View file

@ -44,6 +44,7 @@ HostCertificate
HostKeyAgent
HostKeyAlgorithms
HostbasedAcceptedKeyTypes
HostbasedAcceptedAlgorithms
HostbasedAuthentication
HostbasedUsesNameFromPacketOnly
Include
@ -55,14 +56,17 @@ KerberosAuthentication
KerberosGetAFSToken
KerberosOrLocalPasswd
KerberosTicketCleanup
KerberosUniqueTicket
KexAlgorithms
KeyRegenerationInterval
LogLevel
LogVerbose
LoginGraceTime
MACs
MaxAuthTries
MaxSessions
MaxStartups
ModuliFile
NoneEnabled
PasswordAuthentication
PermitEmptyPasswords
@ -73,10 +77,13 @@ PermitTTY
PermitTunnel
PermitUserEnvironment
PermitUserRC
PerSourceMaxStartups
PerSourceNetBlockSize
PidFile
PrintLastLog
PrintMotd
PubkeyAcceptedKeyTypes
PubkeyAcceptedAlgorithms
PubkeyAuthOptions
PubkeyAuthentication
RSAAuthentication

4
meta/options_match
View file

@ -17,12 +17,15 @@ ClientAliveCountMax
ClientAliveInterval
DenyGroups
DenyUsers
DisableForwarding
ForceCommand
GatewayPorts
GSSAPIAuthentication
HostbasedAcceptedKeyTypes
HostbasedAcceptedAlgorithms
HostbasedAuthentication
HostbasedUsesNameFromPacketOnly
IgnoreRhosts
Include
IPQoS
KbdInteractiveAuthentication
@ -39,6 +42,7 @@ PermitTTY
PermitTunnel
PermitUserRC
PubkeyAcceptedKeyTypes
PubkeyAcceptedAlgorithms
PubkeyAuthentication
RDomain
RekeyLimit

11
templates/sshd_config.j2
View file

@ -52,12 +52,15 @@ Match {{ match["Condition"] }}
{{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}}
{{ render_option("DenyGroups",match["DenyGroups"],true) -}}
{{ render_option("DenyUsers",match["DenyUsers"],true) -}}
{{ render_option("DisableForwarding",match["DisableForwarding"],true) -}}
{{ render_option("ForceCommand",match["ForceCommand"],true) -}}
{{ render_option("GatewayPorts",match["GatewayPorts"],true) -}}
{{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}}
{{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}}
{{ render_option("HostbasedAcceptedAlgorithms",match["HostbasedAcceptedAlgorithms"],true) -}}
{{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}}
{{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}}
{{ render_option("IgnoreRhosts",match["IgnoreRhosts"],true) -}}
{{ render_option("Include",match["Include"],true) -}}
{{ render_option("IPQoS",match["IPQoS"],true) -}}
{{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}}
@ -74,6 +77,7 @@ Match {{ match["Condition"] }}
{{ render_option("PermitTunnel",match["PermitTunnel"],true) -}}
{{ render_option("PermitUserRC",match["PermitUserRC"],true) -}}
{{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}}
{{ render_option("PubkeyAcceptedAlgorithms",match["PubkeyAcceptedAlgorithms"],true) -}}
{{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}}
{{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
@ -146,6 +150,7 @@ Match {{ match["Condition"] }}
{{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}}
{{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}}
{{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}}
{{ body_option("HostbasedAcceptedAlgorithms",sshd_HostbasedAcceptedAlgorithms) -}}
{{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}}
{{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}}
{{ body_option("Include",sshd_Include) -}}
@ -157,14 +162,17 @@ Match {{ match["Condition"] }}
{{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}}
{{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}}
{{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}}
{{ body_option("KerberosUniqueTicket",sshd_KerberosUniqueTicket) -}}
{{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}}
{{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}}
{{ body_option("LogLevel",sshd_LogLevel) -}}
{{ body_option("LogVerbose",sshd_LogVerbose) -}}
{{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}}
{{ body_option("MACs",sshd_MACs) -}}
{{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}}
{{ body_option("MaxSessions",sshd_MaxSessions) -}}
{{ body_option("MaxStartups",sshd_MaxStartups) -}}
{{ body_option("ModuliFile",sshd_ModuliFile) -}}
{{ body_option("NoneEnabled",sshd_NoneEnabled) -}}
{{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}}
{{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}}
@ -175,10 +183,13 @@ Match {{ match["Condition"] }}
{{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
{{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
{{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
{{ body_option("PerSourceMaxStartups",sshd_PerSourceMaxStartups) -}}
{{ body_option("PerSourceNetBlockSize",sshd_PerSourceNetBlockSize) -}}
{{ body_option("PidFile",sshd_PidFile) -}}
{{ body_option("PrintLastLog",sshd_PrintLastLog) -}}
{{ body_option("PrintMotd",sshd_PrintMotd) -}}
{{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}}
{{ body_option("PubkeyAcceptedAlgorithms",sshd_PubkeyAcceptedAlgorithms) -}}
{{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}}
{{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}

11
templates/sshd_config_snippet.j2
View file

@ -51,12 +51,15 @@ Match {{ match["Condition"] }}
{{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}}
{{ render_option("DenyGroups",match["DenyGroups"],true) -}}
{{ render_option("DenyUsers",match["DenyUsers"],true) -}}
{{ render_option("DisableForwarding",match["DisableForwarding"],true) -}}
{{ render_option("ForceCommand",match["ForceCommand"],true) -}}
{{ render_option("GatewayPorts",match["GatewayPorts"],true) -}}
{{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}}
{{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}}
{{ render_option("HostbasedAcceptedAlgorithms",match["HostbasedAcceptedAlgorithms"],true) -}}
{{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}}
{{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}}
{{ render_option("IgnoreRhosts",match["IgnoreRhosts"],true) -}}
{{ render_option("Include",match["Include"],true) -}}
{{ render_option("IPQoS",match["IPQoS"],true) -}}
{{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}}
@ -73,6 +76,7 @@ Match {{ match["Condition"] }}
{{ render_option("PermitTunnel",match["PermitTunnel"],true) -}}
{{ render_option("PermitUserRC",match["PermitUserRC"],true) -}}
{{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}}
{{ render_option("PubkeyAcceptedAlgorithms",match["PubkeyAcceptedAlgorithms"],true) -}}
{{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}}
{{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
@ -145,6 +149,7 @@ Match {{ match["Condition"] }}
{{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}}
{{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}}
{{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}}
{{ body_option("HostbasedAcceptedAlgorithms",sshd_HostbasedAcceptedAlgorithms) -}}
{{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}}
{{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}}
{{ body_option("Include",sshd_Include) -}}
@ -156,14 +161,17 @@ Match {{ match["Condition"] }}
{{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}}
{{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}}
{{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}}
{{ body_option("KerberosUniqueTicket",sshd_KerberosUniqueTicket) -}}
{{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}}
{{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}}
{{ body_option("LogLevel",sshd_LogLevel) -}}
{{ body_option("LogVerbose",sshd_LogVerbose) -}}
{{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}}
{{ body_option("MACs",sshd_MACs) -}}
{{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}}
{{ body_option("MaxSessions",sshd_MaxSessions) -}}
{{ body_option("MaxStartups",sshd_MaxStartups) -}}
{{ body_option("ModuliFile",sshd_ModuliFile) -}}
{{ body_option("NoneEnabled",sshd_NoneEnabled) -}}
{{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}}
{{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}}
@ -174,10 +182,13 @@ Match {{ match["Condition"] }}
{{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
{{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
{{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
{{ body_option("PerSourceMaxStartups",sshd_PerSourceMaxStartups) -}}
{{ body_option("PerSourceNetBlockSize",sshd_PerSourceNetBlockSize) -}}
{{ body_option("PidFile",sshd_PidFile) -}}
{{ body_option("PrintLastLog",sshd_PrintLastLog) -}}
{{ body_option("PrintMotd",sshd_PrintMotd) -}}
{{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}}
{{ body_option("PubkeyAcceptedAlgorithms",sshd_PubkeyAcceptedAlgorithms) -}}
{{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}}
{{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}