Allow overrides, force sftp for Ansible

Matt Willsher 2014-12-21 20:29:13 +00:00
parent 220a5cdb54
commit c561b6e5f7
8 changed files with 224 additions and 412 deletions


@ -1,4 +1,8 @@
---
sshd_user: root
sshd_group: root
sshd_binary: /usr/sbin/sshd
sshd_config_file: /etc/ssh/sshd_config
sshd_service: sshd
sshd_binary: /usr/sbin/sshd
sshd_force_sftp: true
sshd: {}
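Review bot: `sshd_force_sftp: true` is switched on by default here, but the `sshd_sftp_server` path it depends on gets no default in this file; on this page it is only set in the two OS-specific vars files. If `with_first_found` falls through to `default.yml` and that file does not define it (not visible here), the `Subsystem sftp {{ sshd_sftp_server }}` line in meta/macros.j2 will hit an undefined variable. Either add a fallback such as `sshd_sftp_server: internal-sftp` next to the flag, or guard the template block with `sshd_sftp_server is defined`. `sshd_binary` also appears twice in this section; if both lines are on the new side, drop one, since most YAML loaders silently keep the last duplicate key.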

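--- a/meta/macros.j2
+++ b/meta/macros.j2
@@ -0,0 +1,46 @@
+# {{ ansible_managed }}
+{% macro sshd_multiline(key,override) %}
+{% if override is defined %}
+{% set value = override %}
+{% elif sshd[key] is defined %}
+{% set value = sshd[key] %}
+{% endif %}
+{% if value is defined %}
+{% if value is string %}
+{{ key }} {{ value }}
+{% else %}
+{% for i in value %}
+{{ key }} {{ i }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endmacro %}
+{% macro sshd_boolean(key,override) %}
+{% if override is defined %}
+{% set value = override %}
+{% elif sshd[key] is defined %}
+{% set value = sshd[key] %}
+{% endif %}
+{% if value is defined %}
+{% if value == true %}
+{{ key }} yes
+{% elif value == false %}
+{{ key }} no
+{% else %}
+{{ key }} {{ value }}
+{% endif %}
+{% endif %}
+{% endmacro %}
+{% macro sshd_value(key,override) %}
+{% if override is defined %}
+{% set value = override %}
+{% elif sshd[key] is defined %}
+{% set value = sshd[key] %}
+{% endif %}
+{% if value is defined %}
+{{ key }} {{ value }}
+{% endif %}
+{% endmacro %}
+{% if sshd_force_sftp == true %}
+Subsystem sftp {{ sshd_sftp_server }}
+{% endif %}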
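Review bot: The trailing `Subsystem sftp {{ sshd_sftp_server }}` block is emitted independently of `sshd_multiline("Subsystem", ...)`, so a host that sets both `sshd_force_sftp` and an sftp entry in `sshd_Subsystem` gets two sftp subsystem lines, and sshd refuses to load a configuration that defines the same subsystem twice. Skip the forced line when the user-supplied list already names sftp, or document that the two settings are mutually exclusive. Separately, all three macros write `{{ value }}` verbatim, so a value containing a newline becomes extra directives in sshd_config. A short comment above the macros would make that contract explicit, e.g. `{# values are written verbatim; keep them single-line #}`.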

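--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,20 @@
+---
+galaxy_info:
+author: Matt Willsher
+description: OpenSSH Deamon configuration
+company: Willsher Systems
+license: MIT
+min_ansible_version: 1.8
+platforms:
+- name: Ubuntu
+versions:
+- all
+- name: Debian
+versions:
+- all
+- name: FreeBSD
+version:
+- all
+categories:
+- system
+dependencies: []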
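Review bot: The FreeBSD platform entry uses `version:` where the Ubuntu and Debian entries use `versions:`, so the key is inconsistent and the FreeBSD version list is probably ignored by whatever reads this metadata; it should read `versions:`. `min_ansible_version: 1.8` is also an unquoted float, and quoting it as `'1.8'` avoids a later bump such as 1.10 being read as 1.1. The description has a typo, `Deamon` for `Daemon`.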


@ -1,30 +1,20 @@
#!/bin/sh
echo "# {{ ansible_managed }}"
cat macros.j2
cat ssh_multi_options |
sort |
awk '{
print "{% if sshd_"$1" is defined %}"
print "{% for i in sshd_"$1" %}"
print $1" {{ i }}"
print "{% endfor %}"
print "{% endif %}"
print "{{ sshd_multiline(\""$1"\",sshd_"$1") -}}"
}'
cat ssh_kv_options |
sort |
awk '{print "{% if sshd_"$1" is defined %}"$1" {{ sshd_"$1" }}{% endif %}"}'
awk '{
print "{{ sshd_value(\""$1"\",sshd_"$1") -}}"
}'
cat ssh_boolean_options |
sort |
awk '{
print "{% if sshd_"$1" is defined %}"
print "{% if sshd_"$1" == true %}"
print $1" yes"
print "{% elif sshd_"$1" == false %}"
print $1" no"
print "{% else %}"
print $1" {{ "$1" }}"
print "{% endif %}"
print "{% endif %}"
print "{{ sshd_boolean(\""$1"\",sshd_"$1") -}}"
}'
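Review bot: `cat macros.j2` and the three option lists are read relative to the current directory and the script has no `set -e`, so running it from anywhere else prints errors to stderr and still writes a template full of calls to macros that were never defined. Adding `set -eu` after the shebang, plus `cd "$(dirname "$0")"` if the inputs live beside the script, would make that failure loud. The `echo "# {{ ansible_managed }}"` line also looks redundant now that macros.j2 starts with the same header, assuming the echo is still on the new side. The generated calls end in ` -}}` while the calls in the committed template on this page end in ` }}`, which suggests the template was not regenerated from this script.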


@ -1,16 +1,29 @@
---
- name: Include OS specific configuration
- name: Role set up
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- default.yml
- name: sshd configuration
- name: Installed
action: >
{{ ansible_pkg_mgr }}
name="{{ item }}"
state=installed
with_items: sshd_packages
- name: Configured
template:
src: sshd_config.j2
dest: "{{ sshd_config_file }}"
owner: root
group: root
owner: "{{ sshd_user }}"
group: "{{ sshd_group }}"
mode: 600
notify: check and reload sshd
- name: Service enabled and running
service:
name: "{{ sshd_service }}"
enabled: true
state: running
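Review bot: `mode: 600` on the Configured task is an unquoted YAML integer, so Ansible receives decimal 600 rather than octal 0600; decimal 600 is octal 1130, which sets group write and execute on sshd_config instead of owner read/write. With `group: "{{ sshd_group }}"` now variable and vars/FreeBSD.yml setting it to `wheel`, that would leave the daemon configuration writable by a non-root group. Write it as `mode: "0600"`. The template task would also benefit from `validate: "{{ sshd_binary }} -t -f %s"`, so that a rendering mistake cannot replace a working sshd_config before the handler runs.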


@ -1,394 +1,124 @@
# {{ ansible_managed }}
{% if sshd_HostKey is defined %}
{% for i in sshd_HostKey %}
HostKey {{ i }}
{% endfor %}
{% endif %}
{% if sshd_ListenAddress is defined %}
{% for i in sshd_ListenAddress %}
ListenAddress {{ i }}
{% endfor %}
{% endif %}
{% if sshd_Subsystem is defined %}
{% for i in sshd_Subsystem %}
Subsystem {{ i }}
{% endfor %}
{% endif %}
{% if sshd_AcceptEnv is defined %}AcceptEnv {{ sshd_AcceptEnv }}{% endif %}
{% if sshd_AddressFamily is defined %}AddressFamily {{ sshd_AddressFamily }}{% endif %}
{% if sshd_AllowGroups is defined %}AllowGroups {{ sshd_AllowGroups }}{% endif %}
{% if sshd_AllowUsers is defined %}AllowUsers {{ sshd_AllowUsers }}{% endif %}
{% if sshd_AuthenticationMethods is defined %}AuthenticationMethods {{ sshd_AuthenticationMethods }}{% endif %}
{% if sshd_AuthorizedKeysCommand is defined %}AuthorizedKeysCommand {{ sshd_AuthorizedKeysCommand }}{% endif %}
{% if sshd_AuthorizedKeysCommandUser is defined %}AuthorizedKeysCommandUser {{ sshd_AuthorizedKeysCommandUser }}{% endif %}
{% if sshd_AuthorizedKeysFile is defined %}AuthorizedKeysFile {{ sshd_AuthorizedKeysFile }}{% endif %}
{% if sshd_AuthorizedPrincipalsFile is defined %}AuthorizedPrincipalsFile {{ sshd_AuthorizedPrincipalsFile }}{% endif %}
{% if sshd_Banner is defined %}Banner {{ sshd_Banner }}{% endif %}
{% if sshd_ChrootDirectory is defined %}ChrootDirectory {{ sshd_ChrootDirectory }}{% endif %}
{% if sshd_Ciphers is defined %}Ciphers {{ sshd_Ciphers }}{% endif %}
{% if sshd_ClientAliveCountMax is defined %}ClientAliveCountMax {{ sshd_ClientAliveCountMax }}{% endif %}
{% if sshd_ClientAliveInterval is defined %}ClientAliveInterval {{ sshd_ClientAliveInterval }}{% endif %}
{% if sshd_DenyGroups is defined %}DenyGroups {{ sshd_DenyGroups }}{% endif %}
{% if sshd_DenyUsers is defined %}DenyUsers {{ sshd_DenyUsers }}{% endif %}
{% if sshd_ForceCommand is defined %}ForceCommand {{ sshd_ForceCommand }}{% endif %}
{% if sshd_GSSAPIAuthentication is defined %}GSSAPIAuthentication {{ sshd_GSSAPIAuthentication }}{% endif %}
{% if sshd_GSSAPIKeyExchange is defined %}GSSAPIKeyExchange {{ sshd_GSSAPIKeyExchange }}{% endif %}
{% if sshd_HPNBufferSize is defined %}HPNBufferSize {{ sshd_HPNBufferSize }}{% endif %}
{% if sshd_HostCertificate is defined %}HostCertificate {{ sshd_HostCertificate }}{% endif %}
{% if sshd_HostKeyAgent is defined %}HostKeyAgent {{ sshd_HostKeyAgent }}{% endif %}
{% if sshd_IPQoS is defined %}IPQoS {{ sshd_IPQoS }}{% endif %}
{% if sshd_KbdInteractiveAuthentication is defined %}KbdInteractiveAuthentication {{ sshd_KbdInteractiveAuthentication }}{% endif %}
{% if sshd_KexAlgorithms is defined %}KexAlgorithms {{ sshd_KexAlgorithms }}{% endif %}
{% if sshd_KeyRegenerationInterval is defined %}KeyRegenerationInterval {{ sshd_KeyRegenerationInterval }}{% endif %}
{% if sshd_LogLevel is defined %}LogLevel {{ sshd_LogLevel }}{% endif %}
{% if sshd_LoginGraceTime is defined %}LoginGraceTime {{ sshd_LoginGraceTime }}{% endif %}
{% if sshd_MACs is defined %}MACs {{ sshd_MACs }}{% endif %}
{% if sshd_MaxAuthTries is defined %}MaxAuthTries {{ sshd_MaxAuthTries }}{% endif %}
{% if sshd_MaxSessions is defined %}MaxSessions {{ sshd_MaxSessions }}{% endif %}
{% if sshd_MaxStartups is defined %}MaxStartups {{ sshd_MaxStartups }}{% endif %}
{% if sshd_PermitOpen is defined %}PermitOpen {{ sshd_PermitOpen }}{% endif %}
{% if sshd_PermitTTY is defined %}PermitTTY {{ sshd_PermitTTY }}{% endif %}
{% if sshd_PidFile is defined %}PidFile {{ sshd_PidFile }}{% endif %}
{% if sshd_Port is defined %}Port {{ sshd_Port }}{% endif %}
{% if sshd_Protocol is defined %}Protocol {{ sshd_Protocol }}{% endif %}
{% if sshd_RekeyLimit is defined %}RekeyLimit {{ sshd_RekeyLimit }}{% endif %}
{% if sshd_RevokedKeys is defined %}RevokedKeys {{ sshd_RevokedKeys }}{% endif %}
{% if sshd_ServerKeyBits is defined %}ServerKeyBits {{ sshd_ServerKeyBits }}{% endif %}
{% if sshd_SyslogFacility is defined %}SyslogFacility {{ sshd_SyslogFacility }}{% endif %}
{% if sshd_TrustedUserCAKeys is defined %}TrustedUserCAKeys {{ sshd_TrustedUserCAKeys }}{% endif %}
{% if sshd_VersionAddendum is defined %}VersionAddendum {{ sshd_VersionAddendum }}{% endif %}
{% if sshd_X11DisplayOffset is defined %}X11DisplayOffset {{ sshd_X11DisplayOffset }}{% endif %}
{% if sshd_XAuthLocation is defined %}XAuthLocation {{ sshd_XAuthLocation }}{% endif %}
{% if sshd_AllowAgentForwarding is defined %}
{% if sshd_AllowAgentForwarding == true %}
AllowAgentForwarding yes
{% elif sshd_AllowAgentForwarding == false %}
AllowAgentForwarding no
{% else %}
AllowAgentForwarding {{ AllowAgentForwarding }}
{% macro sshd_multiline(key,override) %}
{% if override is defined %}
{% set value = override %}
{% elif sshd[key] is defined %}
{% set value = sshd[key] %}
{% endif %}
{% endif %}
{% if sshd_AllowTcpForwarding is defined %}
{% if sshd_AllowTcpForwarding == true %}
AllowTcpForwarding yes
{% elif sshd_AllowTcpForwarding == false %}
AllowTcpForwarding no
{% else %}
AllowTcpForwarding {{ AllowTcpForwarding }}
{% if value is defined %}
{% for i in value %}
{{ key }} {{ i }}
{% endfor %}
{% endif %}
{% endif %}
{% if sshd_ChallengeResponseAuthentication is defined %}
{% if sshd_ChallengeResponseAuthentication == true %}
ChallengeResponseAuthentication yes
{% elif sshd_ChallengeResponseAuthentication == false %}
ChallengeResponseAuthentication no
{% else %}
ChallengeResponseAuthentication {{ ChallengeResponseAuthentication }}
{% endmacro %}
{% macro sshd_boolean(key,override) %}
{% if override is defined %}
{% set value = override %}
{% elif sshd[key] is defined %}
{% set value = sshd[key] %}
{% endif %}
{% endif %}
{% if sshd_Compression is defined %}
{% if sshd_Compression == true %}
Compression yes
{% elif sshd_Compression == false %}
Compression no
{% else %}
Compression {{ Compression }}
{% if value is defined %}
{% if value == true %}
{{ key }} yes
{% elif value == false %}
{{ key }} no
{% else %}
{{ key }} {{ value }}
{% endif %}
{% endif %}
{% endif %}
{% if sshd_GSSAPICleanupCredentials is defined %}
{% if sshd_GSSAPICleanupCredentials == true %}
GSSAPICleanupCredentials yes
{% elif sshd_GSSAPICleanupCredentials == false %}
GSSAPICleanupCredentials no
{% else %}
GSSAPICleanupCredentials {{ GSSAPICleanupCredentials }}
{% endif %}
{% endif %}
{% if sshd_GSSAPIStoreCredentialsOnRekey is defined %}
{% if sshd_GSSAPIStoreCredentialsOnRekey == true %}
GSSAPIStoreCredentialsOnRekey yes
{% elif sshd_GSSAPIStoreCredentialsOnRekey == false %}
GSSAPIStoreCredentialsOnRekey no
{% else %}
GSSAPIStoreCredentialsOnRekey {{ GSSAPIStoreCredentialsOnRekey }}
{% endif %}
{% endif %}
{% if sshd_GSSAPIStrictAcceptorCheck is defined %}
{% if sshd_GSSAPIStrictAcceptorCheck == true %}
GSSAPIStrictAcceptorCheck yes
{% elif sshd_GSSAPIStrictAcceptorCheck == false %}
GSSAPIStrictAcceptorCheck no
{% else %}
GSSAPIStrictAcceptorCheck {{ GSSAPIStrictAcceptorCheck }}
{% endif %}
{% endif %}
{% if sshd_GatewayPorts is defined %}
{% if sshd_GatewayPorts == true %}
GatewayPorts yes
{% elif sshd_GatewayPorts == false %}
GatewayPorts no
{% else %}
GatewayPorts {{ GatewayPorts }}
{% endif %}
{% endif %}
{% if sshd_HPNDisabled is defined %}
{% if sshd_HPNDisabled == true %}
HPNDisabled yes
{% elif sshd_HPNDisabled == false %}
HPNDisabled no
{% else %}
HPNDisabled {{ HPNDisabled }}
{% endif %}
{% endif %}
{% if sshd_HostbasedAuthentication is defined %}
{% if sshd_HostbasedAuthentication == true %}
HostbasedAuthentication yes
{% elif sshd_HostbasedAuthentication == false %}
HostbasedAuthentication no
{% else %}
HostbasedAuthentication {{ HostbasedAuthentication }}
{% endif %}
{% endif %}
{% if sshd_HostbasedUsesNameFromPacketOnly is defined %}
{% if sshd_HostbasedUsesNameFromPacketOnly == true %}
HostbasedUsesNameFromPacketOnly yes
{% elif sshd_HostbasedUsesNameFromPacketOnly == false %}
HostbasedUsesNameFromPacketOnly no
{% else %}
HostbasedUsesNameFromPacketOnly {{ HostbasedUsesNameFromPacketOnly }}
{% endif %}
{% endif %}
{% if sshd_IgnoreRhosts is defined %}
{% if sshd_IgnoreRhosts == true %}
IgnoreRhosts yes
{% elif sshd_IgnoreRhosts == false %}
IgnoreRhosts no
{% else %}
IgnoreRhosts {{ IgnoreRhosts }}
{% endif %}
{% endif %}
{% if sshd_IgnoreUserKnownHosts is defined %}
{% if sshd_IgnoreUserKnownHosts == true %}
IgnoreUserKnownHosts yes
{% elif sshd_IgnoreUserKnownHosts == false %}
IgnoreUserKnownHosts no
{% else %}
IgnoreUserKnownHosts {{ IgnoreUserKnownHosts }}
{% endif %}
{% endif %}
{% if sshd_KerberosAuthentication is defined %}
{% if sshd_KerberosAuthentication == true %}
KerberosAuthentication yes
{% elif sshd_KerberosAuthentication == false %}
KerberosAuthentication no
{% else %}
KerberosAuthentication {{ KerberosAuthentication }}
{% endif %}
{% endif %}
{% if sshd_KerberosGetAFSToken is defined %}
{% if sshd_KerberosGetAFSToken == true %}
KerberosGetAFSToken yes
{% elif sshd_KerberosGetAFSToken == false %}
KerberosGetAFSToken no
{% else %}
KerberosGetAFSToken {{ KerberosGetAFSToken }}
{% endif %}
{% endif %}
{% if sshd_KerberosOrLocalPasswd is defined %}
{% if sshd_KerberosOrLocalPasswd == true %}
KerberosOrLocalPasswd yes
{% elif sshd_KerberosOrLocalPasswd == false %}
KerberosOrLocalPasswd no
{% else %}
KerberosOrLocalPasswd {{ KerberosOrLocalPasswd }}
{% endif %}
{% endif %}
{% if sshd_KerberosTicketCleanup is defined %}
{% if sshd_KerberosTicketCleanup == true %}
KerberosTicketCleanup yes
{% elif sshd_KerberosTicketCleanup == false %}
KerberosTicketCleanup no
{% else %}
KerberosTicketCleanup {{ KerberosTicketCleanup }}
{% endif %}
{% endif %}
{% if sshd_NoneEnabled is defined %}
{% if sshd_NoneEnabled == true %}
NoneEnabled yes
{% elif sshd_NoneEnabled == false %}
NoneEnabled no
{% else %}
NoneEnabled {{ NoneEnabled }}
{% endif %}
{% endif %}
{% if sshd_PasswordAuthentication is defined %}
{% if sshd_PasswordAuthentication == true %}
PasswordAuthentication yes
{% elif sshd_PasswordAuthentication == false %}
PasswordAuthentication no
{% else %}
PasswordAuthentication {{ PasswordAuthentication }}
{% endif %}
{% endif %}
{% if sshd_PermitEmptyPasswords is defined %}
{% if sshd_PermitEmptyPasswords == true %}
PermitEmptyPasswords yes
{% elif sshd_PermitEmptyPasswords == false %}
PermitEmptyPasswords no
{% else %}
PermitEmptyPasswords {{ PermitEmptyPasswords }}
{% endif %}
{% endif %}
{% if sshd_PermitRootLogin is defined %}
{% if sshd_PermitRootLogin == true %}
PermitRootLogin yes
{% elif sshd_PermitRootLogin == false %}
PermitRootLogin no
{% else %}
PermitRootLogin {{ PermitRootLogin }}
{% endif %}
{% endif %}
{% if sshd_PermitTunnel is defined %}
{% if sshd_PermitTunnel == true %}
PermitTunnel yes
{% elif sshd_PermitTunnel == false %}
PermitTunnel no
{% else %}
PermitTunnel {{ PermitTunnel }}
{% endif %}
{% endif %}
{% if sshd_PermitUserEnvironment is defined %}
{% if sshd_PermitUserEnvironment == true %}
PermitUserEnvironment yes
{% elif sshd_PermitUserEnvironment == false %}
PermitUserEnvironment no
{% else %}
PermitUserEnvironment {{ PermitUserEnvironment }}
{% endif %}
{% endif %}
{% if sshd_PrintLastLog is defined %}
{% if sshd_PrintLastLog == true %}
PrintLastLog yes
{% elif sshd_PrintLastLog == false %}
PrintLastLog no
{% else %}
PrintLastLog {{ PrintLastLog }}
{% endif %}
{% endif %}
{% if sshd_PrintMotd is defined %}
{% if sshd_PrintMotd == true %}
PrintMotd yes
{% elif sshd_PrintMotd == false %}
PrintMotd no
{% else %}
PrintMotd {{ PrintMotd }}
{% endif %}
{% endif %}
{% if sshd_PubkeyAuthentication is defined %}
{% if sshd_PubkeyAuthentication == true %}
PubkeyAuthentication yes
{% elif sshd_PubkeyAuthentication == false %}
PubkeyAuthentication no
{% else %}
PubkeyAuthentication {{ PubkeyAuthentication }}
{% endif %}
{% endif %}
{% if sshd_RSAAuthentication is defined %}
{% if sshd_RSAAuthentication == true %}
RSAAuthentication yes
{% elif sshd_RSAAuthentication == false %}
RSAAuthentication no
{% else %}
RSAAuthentication {{ RSAAuthentication }}
{% endif %}
{% endif %}
{% if sshd_RhostsRSAAuthentication is defined %}
{% if sshd_RhostsRSAAuthentication == true %}
RhostsRSAAuthentication yes
{% elif sshd_RhostsRSAAuthentication == false %}
RhostsRSAAuthentication no
{% else %}
RhostsRSAAuthentication {{ RhostsRSAAuthentication }}
{% endif %}
{% endif %}
{% if sshd_StrictModes is defined %}
{% if sshd_StrictModes == true %}
StrictModes yes
{% elif sshd_StrictModes == false %}
StrictModes no
{% else %}
StrictModes {{ StrictModes }}
{% endif %}
{% endif %}
{% if sshd_TCPKeepAlive is defined %}
{% if sshd_TCPKeepAlive == true %}
TCPKeepAlive yes
{% elif sshd_TCPKeepAlive == false %}
TCPKeepAlive no
{% else %}
TCPKeepAlive {{ TCPKeepAlive }}
{% endif %}
{% endif %}
{% if sshd_TcpRcvBufPoll is defined %}
{% if sshd_TcpRcvBufPoll == true %}
TcpRcvBufPoll yes
{% elif sshd_TcpRcvBufPoll == false %}
TcpRcvBufPoll no
{% else %}
TcpRcvBufPoll {{ TcpRcvBufPoll }}
{% endif %}
{% endif %}
{% if sshd_UseDNS is defined %}
{% if sshd_UseDNS == true %}
UseDNS yes
{% elif sshd_UseDNS == false %}
UseDNS no
{% else %}
UseDNS {{ UseDNS }}
{% endif %}
{% endif %}
{% if sshd_UseLogin is defined %}
{% if sshd_UseLogin == true %}
UseLogin yes
{% elif sshd_UseLogin == false %}
UseLogin no
{% else %}
UseLogin {{ UseLogin }}
{% endif %}
{% endif %}
{% if sshd_UsePAM is defined %}
{% if sshd_UsePAM == true %}
UsePAM yes
{% elif sshd_UsePAM == false %}
UsePAM no
{% else %}
UsePAM {{ UsePAM }}
{% endif %}
{% endif %}
{% if sshd_UsePrivilegeSeparation is defined %}
{% if sshd_UsePrivilegeSeparation == true %}
UsePrivilegeSeparation yes
{% elif sshd_UsePrivilegeSeparation == false %}
UsePrivilegeSeparation no
{% else %}
UsePrivilegeSeparation {{ UsePrivilegeSeparation }}
{% endif %}
{% endif %}
{% if sshd_X11Forwarding is defined %}
{% if sshd_X11Forwarding == true %}
X11Forwarding yes
{% elif sshd_X11Forwarding == false %}
X11Forwarding no
{% else %}
X11Forwarding {{ X11Forwarding }}
{% endif %}
{% endif %}
{% if sshd_X11UseLocalhost is defined %}
{% if sshd_X11UseLocalhost == true %}
X11UseLocalhost yes
{% elif sshd_X11UseLocalhost == false %}
X11UseLocalhost no
{% else %}
X11UseLocalhost {{ X11UseLocalhost }}
{% endif %}
{% endif %}
{% endmacro -%}
{% macro sshd_value(key,override) -%}
{% if override is defined -%}
{% set value = override -%}
{% elif sshd[key] is defined -%}
{% set value = sshd[key] -%}
{% endif -%}
{% if value is defined -%}
{{ key }} {{ value }}
{% endif -%}
{% endmacro -%}
{{ sshd_multiline("HostKey",sshd_HostKey) }}
{{ sshd_multiline("ListenAddress",sshd_ListenAddress) }}
{{ sshd_multiline("Subsystem",sshd_Subsystem) }}
{{ sshd_value("AcceptEnv",sshd_AcceptEnv) }}
{{ sshd_value("AddressFamily",sshd_AddressFamily) }}
{{ sshd_value("AllowGroups",sshd_AllowGroups) }}
{{ sshd_value("AllowUsers",sshd_AllowUsers) }}
{{ sshd_value("AuthenticationMethods",sshd_AuthenticationMethods) }}
{{ sshd_value("AuthorizedKeysCommand",sshd_AuthorizedKeysCommand) }}
{{ sshd_value("AuthorizedKeysCommandUser",sshd_AuthorizedKeysCommandUser) }}
{{ sshd_value("AuthorizedKeysFile",sshd_AuthorizedKeysFile) }}
{{ sshd_value("AuthorizedPrincipalsFile",sshd_AuthorizedPrincipalsFile) }}
{{ sshd_value("Banner",sshd_Banner) }}
{{ sshd_value("ChrootDirectory",sshd_ChrootDirectory) }}
{{ sshd_value("Ciphers",sshd_Ciphers) }}
{{ sshd_value("ClientAliveCountMax",sshd_ClientAliveCountMax) }}
{{ sshd_value("ClientAliveInterval",sshd_ClientAliveInterval) }}
{{ sshd_value("DenyGroups",sshd_DenyGroups) }}
{{ sshd_value("DenyUsers",sshd_DenyUsers) }}
{{ sshd_value("ForceCommand",sshd_ForceCommand) }}
{{ sshd_value("GSSAPIAuthentication",sshd_GSSAPIAuthentication) }}
{{ sshd_value("GSSAPIKeyExchange",sshd_GSSAPIKeyExchange) }}
{{ sshd_value("HPNBufferSize",sshd_HPNBufferSize) }}
{{ sshd_value("HostCertificate",sshd_HostCertificate) }}
{{ sshd_value("HostKeyAgent",sshd_HostKeyAgent) }}
{{ sshd_value("IPQoS",sshd_IPQoS) }}
{{ sshd_value("KbdInteractiveAuthentication",sshd_KbdInteractiveAuthentication) }}
{{ sshd_value("KexAlgorithms",sshd_KexAlgorithms) }}
{{ sshd_value("KeyRegenerationInterval",sshd_KeyRegenerationInterval) }}
{{ sshd_value("LogLevel",sshd_LogLevel) }}
{{ sshd_value("LoginGraceTime",sshd_LoginGraceTime) }}
{{ sshd_value("MACs",sshd_MACs) }}
{{ sshd_value("MaxAuthTries",sshd_MaxAuthTries) }}
{{ sshd_value("MaxSessions",sshd_MaxSessions) }}
{{ sshd_value("MaxStartups",sshd_MaxStartups) }}
{{ sshd_value("PermitOpen",sshd_PermitOpen) }}
{{ sshd_value("PermitTTY",sshd_PermitTTY) }}
{{ sshd_value("PidFile",sshd_PidFile) }}
{{ sshd_value("Port",sshd_Port) }}
{{ sshd_value("Protocol",sshd_Protocol) }}
{{ sshd_value("RekeyLimit",sshd_RekeyLimit) }}
{{ sshd_value("RevokedKeys",sshd_RevokedKeys) }}
{{ sshd_value("ServerKeyBits",sshd_ServerKeyBits) }}
{{ sshd_value("SyslogFacility",sshd_SyslogFacility) }}
{{ sshd_value("TrustedUserCAKeys",sshd_TrustedUserCAKeys) }}
{{ sshd_value("VersionAddendum",sshd_VersionAddendum) }}
{{ sshd_value("X11DisplayOffset",sshd_X11DisplayOffset) }}
{{ sshd_value("XAuthLocation",sshd_XAuthLocation) }}
{{ sshd_boolean("AllowAgentForwarding",sshd_AllowAgentForwarding) }}
{{ sshd_boolean("AllowTcpForwarding",sshd_AllowTcpForwarding) }}
{{ sshd_boolean("ChallengeResponseAuthentication",sshd_ChallengeResponseAuthentication) }}
{{ sshd_boolean("Compression",sshd_Compression) }}
{{ sshd_boolean("GSSAPICleanupCredentials",sshd_GSSAPICleanupCredentials) }}
{{ sshd_boolean("GSSAPIStoreCredentialsOnRekey",sshd_GSSAPIStoreCredentialsOnRekey) }}
{{ sshd_boolean("GSSAPIStrictAcceptorCheck",sshd_GSSAPIStrictAcceptorCheck) }}
{{ sshd_boolean("GatewayPorts",sshd_GatewayPorts) }}
{{ sshd_boolean("HPNDisabled",sshd_HPNDisabled) }}
{{ sshd_boolean("HostbasedAuthentication",sshd_HostbasedAuthentication) }}
{{ sshd_boolean("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) }}
{{ sshd_boolean("IgnoreRhosts",sshd_IgnoreRhosts) }}
{{ sshd_boolean("IgnoreUserKnownHosts",sshd_IgnoreUserKnownHosts) }}
{{ sshd_boolean("KerberosAuthentication",sshd_KerberosAuthentication) }}
{{ sshd_boolean("KerberosGetAFSToken",sshd_KerberosGetAFSToken) }}
{{ sshd_boolean("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) }}
{{ sshd_boolean("KerberosTicketCleanup",sshd_KerberosTicketCleanup) }}
{{ sshd_boolean("NoneEnabled",sshd_NoneEnabled) }}
{{ sshd_boolean("PasswordAuthentication",sshd_PasswordAuthentication) }}
{{ sshd_boolean("PermitEmptyPasswords",sshd_PermitEmptyPasswords) }}
{{ sshd_boolean("PermitRootLogin",sshd_PermitRootLogin) }}
{{ sshd_boolean("PermitTunnel",sshd_PermitTunnel) }}
{{ sshd_boolean("PermitUserEnvironment",sshd_PermitUserEnvironment) }}
{{ sshd_boolean("PrintLastLog",sshd_PrintLastLog) }}
{{ sshd_boolean("PrintMotd",sshd_PrintMotd) }}
{{ sshd_boolean("PubkeyAuthentication",sshd_PubkeyAuthentication) }}
{{ sshd_boolean("RSAAuthentication",sshd_RSAAuthentication) }}
{{ sshd_boolean("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) }}
{{ sshd_boolean("StrictModes",sshd_StrictModes) }}
{{ sshd_boolean("TCPKeepAlive",sshd_TCPKeepAlive) }}
{{ sshd_boolean("TcpRcvBufPoll",sshd_TcpRcvBufPoll) }}
{{ sshd_boolean("UseDNS",sshd_UseDNS) }}
{{ sshd_boolean("UseLogin",sshd_UseLogin) }}
{{ sshd_boolean("UsePAM",sshd_UsePAM) }}
{{ sshd_boolean("UsePrivilegeSeparation",sshd_UsePrivilegeSeparation) }}
{{ sshd_boolean("X11Forwarding",sshd_X11Forwarding) }}
{{ sshd_boolean("X11UseLocalhost",sshd_X11UseLocalhost) }}
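Review bot: The macros inlined at the top of this template have drifted from meta/macros.j2 in the same commit. `sshd_multiline` here has no `value is string` branch, so a single string such as one `sshd_HostKey` path would be iterated character by character, and there is no `sshd_force_sftp` / `Subsystem sftp` block, so the forced sftp subsystem named in the commit title does not appear to reach the rendered file. Regenerate the template from the script or keep the macros in one place. Options such as `GSSAPIAuthentication` and `PermitTTY` go through `sshd_value`, so a YAML `true` is rendered as `True` rather than `yes`; they likely belong in the `sshd_boolean` list. Old and new lines are interleaved in this rendering, so this reading of the new side should be confirmed against the raw diff.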


@ -1,4 +1,8 @@
---
sshd_config_file: /etc/ssh/sshd_config
sshd_service: ssh
sshd_binary: /usr/sbin/sshd
sshd_packages:
- openssh-server
- openssh-blacklist
- openssh-blacklist-extra
- openssh-sftp-server
sshd_sftp_server: /usr/lib/openssh/sftp-server
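Review bot: `openssh-blacklist` and `openssh-blacklist-extra` are hard-coded in `sshd_packages`, while meta/main.yml advertises all Ubuntu and Debian versions; as far as I know these packages are not shipped by every release, and the Installed task fails outright where one is missing. Consider keeping the list to `openssh-server` and `openssh-sftp-server` and letting users append the blacklist packages, or add a comment naming the releases this list was tested on.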

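--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@@ -0,0 +1,5 @@
+---
+sshd_service: sshd
+sshd_packages: []
+sshd_group: wheel
+sshd_sftp_server: /usr/libexec/sftp-server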