mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-05 19:33:30 +01:00
No description
defaults | ||
handlers | ||
meta | ||
tasks | ||
templates | ||
vars | ||
CHANGELOG | ||
LICENSE | ||
README.md |
Ansible OpenSSH Daemon Role
This role configures the OpenSSH daemon. It:
- By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting
sshd_skip_defaults: true
- Supports use of a dict to configure items:
sshd:
Compression: delayed
ListenAddress:
- 0.0.0.0
- Can use scalars rather than a dict. Scalar values override dict values:
sshd_Compression: off
- Correctly interprets booleans as yes and no in sshd configuration
- Supports lists for multi line configuration items:
sshd_ListenAddress:
- 0.0.0.0
- ::
- Tests the sshd_config before reloading sshd
- Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run
./make_option_list >../templates/sshd_config.j2
- Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.
Complete example
---
sshd_skip_defaults: true
sshd:
Compression: true
ListenAddress:
- "0.0.0.0"
- "::"
GSSAPIAuthentication: no
Match:
- Condition: "Group user"
GSSAPIAuthentication: yes
sshd_UsePrivilegeSeparation: sandbox
sshd_match:
- Condition: "Group xusers"
X11Forwarding: yes
Results in:
# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
GSSAPIAuthentication yes
Match Group xusers
X11Forwarding yes
Author
Copyright 2014 Matt Willsher
Code in this repository is licensed under the LGPLv3 license. See LICENSE for full details.