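---
### USER OPTIONS
# Role defaults for managing the OpenSSH server (sshd). Everything in this
# section may be overridden by role users.

# Set to false to disable this role completely
sshd_enable: true

# Don't apply OS defaults when set to true
# NOTE(review): with OS defaults skipped, the resulting configuration
# presumably contains only what the caller supplies in `sshd` - confirm
# against the config template before relying on it.
sshd_skip_defaults: false

# If the below is false, don't manage the service or reload the SSH
# daemon at all
sshd_manage_service: true

# If the below is true, also install service files from the templates pointed
# to by the `sshd_service_template_*` variables
sshd_install_service: false
sshd_service_template_service: sshd.service.j2
sshd_service_template_at_service: sshd@.service.j2
sshd_service_template_socket: sshd.socket.j2

# If the below is false, don't reload the ssh daemon on change.
# A changed configuration is then not picked up by the running daemon until
# it is reloaded by some other means, so hardening changes stay inactive
# until that happens.
sshd_allow_reload: true

# If the below is true, create a backup of the config file when the template
# is copied
# NOTE(review): backup copies hold the same content as the live config;
# verify they end up with the same restrictive owner and mode.
sshd_backup: true

# If the below is true, also install the sysconfig file with the below options
# (useful only on Fedora and RHEL)
sshd_sysconfig: false

# If the below is true, the role will also override the crypto policy
# configuration.
# NOTE(review): overriding the system crypto policy presumably makes the
# algorithm settings supplied through this role authoritative - review them
# before enabling.
sshd_sysconfig_override_crypto_policy: false

# If the below is set to a non-zero value, the OpenSSL random generator is
# reseeded with the given amount of random bytes (from getrandom(2)
# with GRND_RANDOM or /dev/random). Minimum is 14 bytes when enabled.
# Enabling this is not recommended if you do not have a hardware random
# generator.
sshd_sysconfig_use_strong_rng: 0

# Empty dicts to avoid errors
sshd: {}

### VARS DEFAULTS
### The following are defaults for OS specific configuration in var files in
### this role. They should not be set directly by role users. If you really
### need to override them, use the corresponding, unprefixed variables (eg
### `sshd_packages` to override __sshd_packages).
__sshd_packages: []
__sshd_config_owner: root
__sshd_config_group: root
# Quoted so the mode stays a string instead of being parsed as an octal
# integer; 0600 is read/write for the owner only.
__sshd_config_mode: "0600"
__sshd_config_file: /etc/ssh/sshd_config
__sshd_binary: /usr/sbin/sshd
__sshd_service: sshd

### These variables are used by role internals and should not be used.
__sshd_sftp_server: /usr/lib/openssh/sftp-server
__sshd_defaults: {}
# Canonical boolean: `no` is only a boolean under YAML 1.1 rules.
__sshd_os_supported: false
__sshd_sysconfig: false
__sshd_sysconfig_supports_crypto_policy: false
__sshd_sysconfig_supports_use_strong_rng: false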