libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-11-22 19:10:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add configuration options from OpenSSH 8.6

Browse source
This commit is contained in:
Jakub Jelen 2021-06-11 22:10:57 +02:00 committed by Jakub Jelen
parent d1446017e9
commit c4db22f16d
4 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
meta/options_body
View file

@ -44,6 +44,7 @@ HostCertificate
HostKeyAgent HostKeyAgent
HostKeyAlgorithms HostKeyAlgorithms
HostbasedAcceptedKeyTypes HostbasedAcceptedKeyTypes
HostbasedAcceptedAlgorithms
HostbasedAuthentication HostbasedAuthentication
HostbasedUsesNameFromPacketOnly HostbasedUsesNameFromPacketOnly
Include Include
@ -55,14 +56,17 @@ KerberosAuthentication
KerberosGetAFSToken KerberosGetAFSToken
KerberosOrLocalPasswd KerberosOrLocalPasswd
KerberosTicketCleanup KerberosTicketCleanup
KerberosUniqueTicket
KexAlgorithms KexAlgorithms
KeyRegenerationInterval KeyRegenerationInterval
LogLevel LogLevel
LogVerbose
LoginGraceTime LoginGraceTime
MACs MACs
MaxAuthTries MaxAuthTries
MaxSessions MaxSessions
MaxStartups MaxStartups
ModuliFile
NoneEnabled NoneEnabled
PasswordAuthentication PasswordAuthentication
PermitEmptyPasswords PermitEmptyPasswords
@ -73,10 +77,13 @@ PermitTTY
PermitTunnel PermitTunnel
PermitUserEnvironment PermitUserEnvironment
PermitUserRC PermitUserRC
PerSourceMaxStartups
PerSourceNetBlockSize
PidFile PidFile
PrintLastLog PrintLastLog
PrintMotd PrintMotd
PubkeyAcceptedKeyTypes PubkeyAcceptedKeyTypes
PubkeyAcceptedAlgorithms
PubkeyAuthOptions PubkeyAuthOptions
PubkeyAuthentication PubkeyAuthentication
RSAAuthentication RSAAuthentication

4
meta/options_match
View file

@ -17,12 +17,15 @@ ClientAliveCountMax
ClientAliveInterval ClientAliveInterval
DenyGroups DenyGroups
DenyUsers DenyUsers
DisableForwarding
ForceCommand ForceCommand
GatewayPorts GatewayPorts
GSSAPIAuthentication GSSAPIAuthentication
HostbasedAcceptedKeyTypes HostbasedAcceptedKeyTypes
HostbasedAcceptedAlgorithms
HostbasedAuthentication HostbasedAuthentication
HostbasedUsesNameFromPacketOnly HostbasedUsesNameFromPacketOnly
IgnoreRhosts
Include Include
IPQoS IPQoS
KbdInteractiveAuthentication KbdInteractiveAuthentication
@ -39,6 +42,7 @@ PermitTTY
PermitTunnel PermitTunnel
PermitUserRC PermitUserRC
PubkeyAcceptedKeyTypes PubkeyAcceptedKeyTypes
PubkeyAcceptedAlgorithms
PubkeyAuthentication PubkeyAuthentication
RDomain RDomain
RekeyLimit RekeyLimit

11
templates/sshd_config.j2
View file

@ -52,12 +52,15 @@ Match {{ match["Condition"] }}
{{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}} {{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}}
{{ render_option("DenyGroups",match["DenyGroups"],true) -}} {{ render_option("DenyGroups",match["DenyGroups"],true) -}}
{{ render_option("DenyUsers",match["DenyUsers"],true) -}} {{ render_option("DenyUsers",match["DenyUsers"],true) -}}
{{ render_option("DisableForwarding",match["DisableForwarding"],true) -}}
{{ render_option("ForceCommand",match["ForceCommand"],true) -}} {{ render_option("ForceCommand",match["ForceCommand"],true) -}}
{{ render_option("GatewayPorts",match["GatewayPorts"],true) -}} {{ render_option("GatewayPorts",match["GatewayPorts"],true) -}}
{{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}} {{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}}
{{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}} {{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}}
{{ render_option("HostbasedAcceptedAlgorithms",match["HostbasedAcceptedAlgorithms"],true) -}}
{{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}} {{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}}
{{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}} {{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}}
{{ render_option("IgnoreRhosts",match["IgnoreRhosts"],true) -}}
{{ render_option("Include",match["Include"],true) -}} {{ render_option("Include",match["Include"],true) -}}
{{ render_option("IPQoS",match["IPQoS"],true) -}} {{ render_option("IPQoS",match["IPQoS"],true) -}}
{{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}} {{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}}
@ -74,6 +77,7 @@ Match {{ match["Condition"] }}
{{ render_option("PermitTunnel",match["PermitTunnel"],true) -}} {{ render_option("PermitTunnel",match["PermitTunnel"],true) -}}
{{ render_option("PermitUserRC",match["PermitUserRC"],true) -}} {{ render_option("PermitUserRC",match["PermitUserRC"],true) -}}
{{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}} {{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}}
{{ render_option("PubkeyAcceptedAlgorithms",match["PubkeyAcceptedAlgorithms"],true) -}}
{{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}} {{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}}
{{ render_option("RDomain",match["RDomain"],true) -}} {{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} {{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
@ -146,6 +150,7 @@ Match {{ match["Condition"] }}
{{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}} {{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}}
{{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}} {{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}}
{{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}} {{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}}
{{ body_option("HostbasedAcceptedAlgorithms",sshd_HostbasedAcceptedAlgorithms) -}}
{{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}} {{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}}
{{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}} {{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}}
{{ body_option("Include",sshd_Include) -}} {{ body_option("Include",sshd_Include) -}}
@ -157,14 +162,17 @@ Match {{ match["Condition"] }}
{{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}} {{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}}
{{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}} {{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}}
{{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}} {{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}}
{{ body_option("KerberosUniqueTicket",sshd_KerberosUniqueTicket) -}}
{{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}} {{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}}
{{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}} {{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}}
{{ body_option("LogLevel",sshd_LogLevel) -}} {{ body_option("LogLevel",sshd_LogLevel) -}}
{{ body_option("LogVerbose",sshd_LogVerbose) -}}
{{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}} {{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}}
{{ body_option("MACs",sshd_MACs) -}} {{ body_option("MACs",sshd_MACs) -}}
{{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}} {{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}}
{{ body_option("MaxSessions",sshd_MaxSessions) -}} {{ body_option("MaxSessions",sshd_MaxSessions) -}}
{{ body_option("MaxStartups",sshd_MaxStartups) -}} {{ body_option("MaxStartups",sshd_MaxStartups) -}}
{{ body_option("ModuliFile",sshd_ModuliFile) -}}
{{ body_option("NoneEnabled",sshd_NoneEnabled) -}} {{ body_option("NoneEnabled",sshd_NoneEnabled) -}}
{{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}} {{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}}
{{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}} {{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}}
@ -175,10 +183,13 @@ Match {{ match["Condition"] }}
{{ body_option("PermitTunnel",sshd_PermitTunnel) -}} {{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
{{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}} {{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
{{ body_option("PermitUserRC",sshd_PermitUserRC) -}} {{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
{{ body_option("PerSourceMaxStartups",sshd_PerSourceMaxStartups) -}}
{{ body_option("PerSourceNetBlockSize",sshd_PerSourceNetBlockSize) -}}
{{ body_option("PidFile",sshd_PidFile) -}} {{ body_option("PidFile",sshd_PidFile) -}}
{{ body_option("PrintLastLog",sshd_PrintLastLog) -}} {{ body_option("PrintLastLog",sshd_PrintLastLog) -}}
{{ body_option("PrintMotd",sshd_PrintMotd) -}} {{ body_option("PrintMotd",sshd_PrintMotd) -}}
{{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}} {{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}}
{{ body_option("PubkeyAcceptedAlgorithms",sshd_PubkeyAcceptedAlgorithms) -}}
{{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}} {{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}}
{{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}} {{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}

11
templates/sshd_config_snippet.j2
View file

@ -51,12 +51,15 @@ Match {{ match["Condition"] }}
{{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}} {{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}}
{{ render_option("DenyGroups",match["DenyGroups"],true) -}} {{ render_option("DenyGroups",match["DenyGroups"],true) -}}
{{ render_option("DenyUsers",match["DenyUsers"],true) -}} {{ render_option("DenyUsers",match["DenyUsers"],true) -}}
{{ render_option("DisableForwarding",match["DisableForwarding"],true) -}}
{{ render_option("ForceCommand",match["ForceCommand"],true) -}} {{ render_option("ForceCommand",match["ForceCommand"],true) -}}
{{ render_option("GatewayPorts",match["GatewayPorts"],true) -}} {{ render_option("GatewayPorts",match["GatewayPorts"],true) -}}
{{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}} {{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}}
{{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}} {{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}}
{{ render_option("HostbasedAcceptedAlgorithms",match["HostbasedAcceptedAlgorithms"],true) -}}
{{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}} {{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}}
{{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}} {{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}}
{{ render_option("IgnoreRhosts",match["IgnoreRhosts"],true) -}}
{{ render_option("Include",match["Include"],true) -}} {{ render_option("Include",match["Include"],true) -}}
{{ render_option("IPQoS",match["IPQoS"],true) -}} {{ render_option("IPQoS",match["IPQoS"],true) -}}
{{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}} {{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}}
@ -73,6 +76,7 @@ Match {{ match["Condition"] }}
{{ render_option("PermitTunnel",match["PermitTunnel"],true) -}} {{ render_option("PermitTunnel",match["PermitTunnel"],true) -}}
{{ render_option("PermitUserRC",match["PermitUserRC"],true) -}} {{ render_option("PermitUserRC",match["PermitUserRC"],true) -}}
{{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}} {{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}}
{{ render_option("PubkeyAcceptedAlgorithms",match["PubkeyAcceptedAlgorithms"],true) -}}
{{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}} {{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}}
{{ render_option("RDomain",match["RDomain"],true) -}} {{ render_option("RDomain",match["RDomain"],true) -}}
{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} {{ render_option("RekeyLimit",match["RekeyLimit"],true) -}}
@ -145,6 +149,7 @@ Match {{ match["Condition"] }}
{{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}} {{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}}
{{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}} {{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}}
{{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}} {{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}}
{{ body_option("HostbasedAcceptedAlgorithms",sshd_HostbasedAcceptedAlgorithms) -}}
{{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}} {{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}}
{{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}} {{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}}
{{ body_option("Include",sshd_Include) -}} {{ body_option("Include",sshd_Include) -}}
@ -156,14 +161,17 @@ Match {{ match["Condition"] }}
{{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}} {{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}}
{{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}} {{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}}
{{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}} {{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}}
{{ body_option("KerberosUniqueTicket",sshd_KerberosUniqueTicket) -}}
{{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}} {{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}}
{{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}} {{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}}
{{ body_option("LogLevel",sshd_LogLevel) -}} {{ body_option("LogLevel",sshd_LogLevel) -}}
{{ body_option("LogVerbose",sshd_LogVerbose) -}}
{{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}} {{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}}
{{ body_option("MACs",sshd_MACs) -}} {{ body_option("MACs",sshd_MACs) -}}
{{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}} {{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}}
{{ body_option("MaxSessions",sshd_MaxSessions) -}} {{ body_option("MaxSessions",sshd_MaxSessions) -}}
{{ body_option("MaxStartups",sshd_MaxStartups) -}} {{ body_option("MaxStartups",sshd_MaxStartups) -}}
{{ body_option("ModuliFile",sshd_ModuliFile) -}}
{{ body_option("NoneEnabled",sshd_NoneEnabled) -}} {{ body_option("NoneEnabled",sshd_NoneEnabled) -}}
{{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}} {{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}}
{{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}} {{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}}
@ -174,10 +182,13 @@ Match {{ match["Condition"] }}
{{ body_option("PermitTunnel",sshd_PermitTunnel) -}} {{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
{{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}} {{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
{{ body_option("PermitUserRC",sshd_PermitUserRC) -}} {{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
{{ body_option("PerSourceMaxStartups",sshd_PerSourceMaxStartups) -}}
{{ body_option("PerSourceNetBlockSize",sshd_PerSourceNetBlockSize) -}}
{{ body_option("PidFile",sshd_PidFile) -}} {{ body_option("PidFile",sshd_PidFile) -}}
{{ body_option("PrintLastLog",sshd_PrintLastLog) -}} {{ body_option("PrintLastLog",sshd_PrintLastLog) -}}
{{ body_option("PrintMotd",sshd_PrintMotd) -}} {{ body_option("PrintMotd",sshd_PrintMotd) -}}
{{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}} {{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}}
{{ body_option("PubkeyAcceptedAlgorithms",sshd_PubkeyAcceptedAlgorithms) -}}
{{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}} {{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}}
{{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}} {{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}}
{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} {{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}}