libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-09-20 07:21:31 +02:00
Code Issues Projects Releases Packages Wiki Activity
ansible-sshd/README.md
Paul Nicholson ab1ca002df Fix typo in README
2015-01-03 20:57:09 -08:00

1.5 KiB
Raw Blame History

Ansible OpenSSH Daemon Role

This role configures the OpenSSH daemon. It:

  • By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting sshd_skip_defaults: true
  • Supports use of a dict to configure items:
sshd:
  Compression: delayed
  ListenAddress:
    - 0.0.0.0
  • Can use scalars rather than a dict. Scalar values override dict values:
sshd_Compression: off
  • Correctly interprets booleans as yes and no in sshd configuration
  • Supports lists for multi line configuration items:
sshd_ListenAddress:
  - 0.0.0.0
  - ::
  • Tests the sshd_config before reloading sshd
  • Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run ./make_option_list >../templates/sshd_config.j2
  • Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.

Complete example

---
sshd_skip_defaults: true
sshd:
  Compression: true
  ListenAddress:
    - "0.0.0.0"
    - "::"
  GSSAPIAuthentication: no
  Match:
    - Condition: "Group user"
      GSSAPIAuthentication: yes
sshd_UsePrivilegeSeparation: sandbox
sshd_match:
    - Condition: "Group xusers"
      X11Forwarding: yes

Results in:

# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
  GSSAPIAuthentication yes
Match Group xusers
  X11Forwarding yes