mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-08 21:03:29 +01:00
70808e97fc
Use `true/false` instead of `yes/no` Ensure use of FQCN for builtin modules Use correct spacing in Jinja expressions All tasks and plays must have a `name`, and the `name` string must begin with an uppercase letter Use `ansible.posix.mount` instead of `ansible.builtin.mount` Use `set -o pipefail` with `shell` module where supported by the platform shell Signed-off-by: Rich Megginson <rmeggins@redhat.com>
40 lines
994 B
YAML
40 lines
994 B
YAML
---
|
|
__sshd_service: ssh
|
|
__sshd_packages:
|
|
- openssh-server
|
|
- openssh-sftp-server
|
|
__sshd_config_mode: "0644"
|
|
__sshd_defaults:
|
|
Port: 22
|
|
Protocol: 2
|
|
HostKey:
|
|
- /etc/ssh/ssh_host_rsa_key
|
|
- /etc/ssh/ssh_host_dsa_key
|
|
- /etc/ssh/ssh_host_ecdsa_key
|
|
- /etc/ssh/ssh_host_ed25519_key
|
|
UsePrivilegeSeparation: true
|
|
KeyRegenerationInterval: 3600
|
|
ServerKeyBits: 1024
|
|
SyslogFacility: AUTH
|
|
LogLevel: INFO
|
|
LoginGraceTime: 120
|
|
PermitRootLogin: prohibit-password
|
|
StrictModes: true
|
|
RSAAuthentication: true
|
|
PubkeyAuthentication: true
|
|
AuthorizedKeysFile: "%h/.ssh/authorized_keys"
|
|
IgnoreRhosts: true
|
|
RhostsRSAAuthentication: false
|
|
HostbasedAuthentication: false
|
|
PermitEmptyPasswords: false
|
|
ChallengeResponseAuthentication: false
|
|
X11Forwarding: true
|
|
X11DisplayOffset: 10
|
|
PrintMotd: false
|
|
PrintLastLog: true
|
|
TCPKeepAlive: true
|
|
AcceptEnv: LANG LC_*
|
|
Subsystem: "sftp {{ __sshd_sftp_server }}"
|
|
UsePAM: true
|
|
UseDNS: false
|
|
__sshd_os_supported: true
|