ansible-sshd/vars/Debian_11.yml
Jakub Jelen f6ae2094fe Update service/socket files to match main OS's defaults
Specifics:
 * Debian 12 has no longer the instantiated service using inet, see the
   following commit:

0dc73888bb

 * I am not matching the Description tag verbosely as I do not find it
   crucial for functionality.
 * We generate additional -f switch to the sshd CLI pointing go the main
   sshd config we manage
 * The Before=sshd.service in the socket is not generated as I find it
   unnecessary when we conflict the service.
 * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
   set for all Ubuntu/Debian as it should not hurt.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00

21 lines
538 B
YAML

---
__sshd_service: ssh
__sshd_packages:
- openssh-server
- openssh-sftp-server
__sshd_config_mode: "0644"
__sshd_defaults:
Include: /etc/ssh/sshd_config.d/*.conf
ChallengeResponseAuthentication: false
UsePAM: true
X11Forwarding: true
PrintMotd: false
AcceptEnv: LANG LC_*
Subsystem: "sftp {{ __sshd_sftp_server }}"
__sshd_os_supported: true
__sshd_runtime_directory: sshd
__sshd_environment_file: /etc/default/ssh
__sshd_environment_variable: $SSHD_OPTS
__sshd_service_after: auditd.service
__sshd_service_alias: sshd