mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-13 23:10:19 +01:00
f32003f051
The usage of set_facts inside of roles is not recommended if it is used for internal variables used only inside of the role. It is recommended to use variables with smaller scope to avoid inter-dependencies between different invocations of the same role as demonstrated in the tests_alternative_file.yml later in the patch series ttps://github.com/oasis-roles/meta_standards#ansible-best-practices
29 lines
966 B
YAML
29 lines
966 B
YAML
---
|
|
sshd_packages:
|
|
- openssh
|
|
- openssh-server
|
|
sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
|
__sshd_defaults:
|
|
HostKey:
|
|
- /etc/ssh/ssh_host_rsa_key
|
|
- /etc/ssh/ssh_host_ecdsa_key
|
|
- /etc/ssh/ssh_host_ed25519_key
|
|
SyslogFacility: AUTHPRIV
|
|
AuthorizedKeysFile: .ssh/authorized_keys
|
|
PasswordAuthentication: yes
|
|
ChallengeResponseAuthentication: no
|
|
GSSAPIAuthentication: yes
|
|
GSSAPICleanupCredentials: no
|
|
# Note that UsePAM: no is not supported under RHEL/CentOS. See
|
|
# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
|
|
UsePAM: yes
|
|
X11Forwarding: yes
|
|
UsePrivilegeSeparation: sandbox
|
|
AcceptEnv:
|
|
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
- XMODIFIERS
|
|
Subsystem: "sftp {{ sshd_sftp_server }}"
|
|
__sshd_os_supported: yes
|
|
__sshd_sysconfig_supports_use_strong_rng: true
|