libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-11-28 21:50:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

update Ubuntu 16 defaults for modern security recomendations

Browse source
This commit is contained in:
David Panofsky 2017-09-13 14:33:38 -04:00
parent 604c35bdce
commit d1fdfa683d
1 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
vars/Ubuntu_16.yml
View file

@ -8,15 +8,13 @@ sshd_defaults:
Port: 22
Protocol: 2
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: yes
- /etc/ssh/ssh_host_rsa_key
UsePrivilegeSeparation: sandbox
KeyRegenerationInterval: 3600
ServerKeyBits: 1024
SyslogFacility: AUTH
LogLevel: INFO
LogLevel: VERBOSE
LoginGraceTime: 120
PermitRootLogin: prohibit-password
StrictModes: yes
@ -28,13 +26,17 @@ sshd_defaults:
HostbasedAuthentication: no
PermitEmptyPasswords: no
ChallengeResponseAuthentication: no
X11Forwarding: yes
X11Forwarding: no
X11DisplayOffset: 10
PrintMotd: no
PrintLastLog: yes
TCPKeepAlive: yes
AcceptEnv: LANG LC_*
Subsystem: "sftp {{ sshd_sftp_server }}"
Subsystem: "sftp {{ sshd_sftp_server }} -f AUTHPRIV -l INFO"
UsePAM: yes
UseDNS: no
KexAlgorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
AuthenticationMethods: publickey
sshd_os_supported: yes