ansible-sshd/vars/Ubuntu_22.yml
Jakub Jelen f6ae2094fe Update service/socket files to match main OS's defaults
Specifics:
 * Debian 12 has no longer the instantiated service using inet, see the
   following commit:

0dc73888bb

 * I am not matching the Description tag verbosely as I do not find it
   crucial for functionality.
 * We generate additional -f switch to the sshd CLI pointing go the main
   sshd config we manage
 * The Before=sshd.service in the socket is not generated as I find it
   unnecessary when we conflict the service.
 * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
   set for all Ubuntu/Debian as it should not hurt.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00

28 lines
852 B
YAML

---
__sshd_os_supported: true
__sshd_service: ssh
__sshd_packages:
- openssh-server
- openssh-sftp-server
# Ubuntu 22.04 finally ships with drop-in directory support so we touch
# just included file with highest priority by default
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
__sshd_config_mode: "0644"
# the defaults here represent the defaults shipped in the main sshd_config
__sshd_defaults:
Include: /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication: false
UsePAM: true
AcceptEnv: LANG LC_*
Subsystem: "sftp /usr/lib/openssh/sftp-server"
__sshd_runtime_directory: sshd
__sshd_drop_in_dir_mode: '0755'
__sshd_main_config_file: /etc/ssh/sshd_config
__sshd_environment_file: /etc/default/ssh
__sshd_environment_variable: $SSHD_OPTS
__sshd_service_after: auditd.service
__sshd_service_alias: sshd