No description
Find a file
2015-01-04 13:38:33 +00:00
defaults Add EL6 defaults 2014-12-22 10:05:09 +00:00
handlers Initial commit 2014-12-18 22:12:51 +00:00
meta Move AddressFamily above ListenAddress 2015-01-04 12:53:50 +00:00
tasks Add tags 2014-12-25 20:02:44 +00:00
templates Merge from develop changes 2015-01-04 12:51:40 +00:00
vars Add Debian 8/Jessie defaults 2015-01-04 13:36:33 +00:00
CHANGELOG CHANGELOG 2014-12-25 12:15:48 +00:00
LICENSE Use LGPL license 2014-12-26 10:09:34 +00:00
README.md Merge from develop changes 2015-01-04 12:51:40 +00:00

Ansible OpenSSH Daemon Role

This role configures the OpenSSH daemon. It:

  • By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting sshd_skip_defaults: true
  • Supports use of a dict to configure items:
sshd:
  Compression: delayed
  ListenAddress:
    - 0.0.0.0
  • Can use scalars rather than a dict. Scalar values override dict values:
sshd_Compression: off
  • Correctly interprets booleans as yes and no in sshd configuration
  • Supports lists for multi line configuration items:
sshd_ListenAddress:
  - 0.0.0.0
  - ::
  • Tests the sshd_config before reloading sshd
  • Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run ./make_option_list >../templates/sshd_config.j2
  • Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.

Complete example

---
sshd_skip_defaults: true
sshd:
  Compression: true
  ListenAddress:
    - "0.0.0.0"
    - "::"
  GSSAPIAuthentication: no
  Match:
    - Condition: "Group user"
      GSSAPIAuthentication: yes
sshd_UsePrivilegeSeparation: sandbox
sshd_match:
    - Condition: "Group xusers"
      X11Forwarding: yes

Results in:

# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
  GSSAPIAuthentication yes
Match Group xusers
  X11Forwarding yes

Author

Copyright 2014 Matt Willsher

Code in this repository is licensed under the LGPLv3 license. See LICENSE for full details.