ansible-sshd/vars/Debian_10.yml
Jakub Jelen f32003f051 Remove set_facts tasks not to polute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00

34 lines
1 KiB
YAML

---
sshd_service: ssh
sshd_packages:
- openssh-server
- openssh-sftp-server
sshd_config_mode: "0644"
__sshd_defaults:
Port: 22
Protocol: 2
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms: ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com
KexAlgorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256
MACs: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
SyslogFacility: AUTH
LogLevel: INFO
LoginGraceTime: 120
PermitRootLogin: without-password
StrictModes: yes
PubkeyAuthentication: yes
IgnoreRhosts: yes
HostbasedAuthentication: no
PermitEmptyPasswords: no
ChallengeResponseAuthentication: no
X11Forwarding: yes
X11DisplayOffset: 10
PrintMotd: no
PrintLastLog: yes
TCPKeepAlive: yes
AcceptEnv: LANG LC_*
Subsystem: "sftp {{ sshd_sftp_server }}"
UsePAM: yes
__sshd_os_supported: yes