No description
Find a file
Matt Willsher be8dfbdc07 Merge pull request #7 from brenix/develop
Minor typo fixes and add Archlinux support
2015-01-04 12:45:19 +00:00
defaults Add EL6 defaults 2014-12-22 10:05:09 +00:00
handlers Initial commit 2014-12-18 22:12:51 +00:00
meta Add wheezy support 2014-12-25 12:16:47 +00:00
tasks Add tags 2014-12-25 20:02:44 +00:00
templates Move AddressFamily option before ListenAddress to fix validation 2015-01-03 21:36:00 -08:00
vars Add support for Archlinux 2015-01-03 21:00:40 -08:00
CHANGELOG CHANGELOG 2014-12-25 12:15:48 +00:00
README.md Fix typo in README 2015-01-03 20:57:09 -08:00

Ansible OpenSSH Daemon Role

This role configures the OpenSSH daemon. It:

  • By default configures the SSH daemon with the normal OS defaults. Defaults can be disabled by setting sshd_skip_defaults: true
  • Supports use of a dict to configure items:
sshd:
  Compression: delayed
  ListenAddress:
    - 0.0.0.0
  • Can use scalars rather than a dict. Scalar values override dict values:
sshd_Compression: off
  • Correctly interprets booleans as yes and no in sshd configuration
  • Supports lists for multi line configuration items:
sshd_ListenAddress:
  - 0.0.0.0
  - ::
  • Tests the sshd_config before reloading sshd
  • Template is programmatically generated. See the files in the meta folder. It should cover all valid SSH options. To regenerate the template, in the meta directory run ./make_option_list >../templates/sshd_config.j2
  • Supports match section either via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can either be a dict or an array.

Complete example

---
sshd_skip_defaults: true
sshd:
  Compression: true
  ListenAddress:
    - "0.0.0.0"
    - "::"
  GSSAPIAuthentication: no
  Match:
    - Condition: "Group user"
      GSSAPIAuthentication: yes
sshd_UsePrivilegeSeparation: sandbox
sshd_match:
    - Condition: "Group xusers"
      X11Forwarding: yes

Results in:

# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
  GSSAPIAuthentication yes
Match Group xusers
  X11Forwarding yes