defaults Add EL6 defaults 2014-12-22 10:05:09 +00:00
handlers Initial commit 2014-12-18 22:12:51 +00:00
meta Add networking type 2015-01-12 13:06:49 +00:00
tasks Change to var file search path 2015-01-04 15:49:35 +00:00
templates Merge from develop changes 2015-01-04 12:51:40 +00:00
tests Fix test syntax error 2015-01-12 21:15:25 +00:00
vars Add precise, move 14.04 to specific configuration 2015-01-04 14:56:06 +00:00
.travis.yml Fix idempotency test path 2015-01-12 21:20:19 +00:00
CHANGELOG Update for 0.2.1 2015-01-12 21:43:39 +00:00
LICENSE Use LGPL license 2014-12-26 10:09:34 +00:00
README.md Standardise README 2015-01-12 21:40:04 +00:00

OpenSSH Server

This role configures the OpenSSH daemon. It:

  • By default configures the SSH daemon with the normal OS defaults.
  • Works across a variety of UN*X-like distributions
  • Can be configured by dict or simple variables
  • Supports Match sets
  • Supports all sshd_config options. Templates are programmatically generated. (see meta/make_option_list)
  • Tests the sshd_config before reloading sshd.

Requirements

Tested on:

  • Ubuntu precise, trusty
  • Debian wheezy, jessie
  • FreeBSD 10.1
  • EL 6,7 derived distributions

It will likely work on other flavours, and more direct support via suitable vars/ files is welcome.

Role variables

  • Unconfigured, this role will provide an sshd_config that matches the OS default, minus the comments and in a different order.

  • Defaults can be disabled by setting sshd_skip_defaults: true

  • Supports use of a dict to configure items:

sshd:
  Compression: delayed
  ListenAddress:
    - 0.0.0.0

  • Simple variables can be used rather than a dict. Simple values override dict values:

sshd_Compression: off

  • Correctly interprets booleans as yes and no in sshd configuration

  • Supports lists for multi-line configuration items:

sshd_ListenAddress:
  - 0.0.0.0
  - '::'

  • Supports Match sections via Match in the sshd dict, sshd_match and any of sshd_match_1 through sshd_match_9. Match items can be either a dict or an array.
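The variable rules listed above, as an added sketch for reviewing what a set of variables will produce before it is applied. It is not the role's own code. It also reports where a simple variable overrides a dict value, since that can silently undo a hardened setting. The function names, the alphabetical ordering and the sample values are assumptions.

```python
import re

CONTROL = re.compile(r"sshd_(skip_defaults|match(_[1-9])?)$")  # not sshd options

def fmt(value):
    """Booleans are written as yes/no, as the README states."""
    return ("yes" if value else "no") if isinstance(value, bool) else str(value)

def as_list(item):
    """Multi-line options and Match items may be one value or a list."""
    return list(item) if isinstance(item, list) else [item]

def render(options, indent=""):
    # Assumption: alphabetical order; the role's template may order differently.
    return [f"{indent}{key} {fmt(v)}"
            for key in sorted(options) for v in as_list(options[key])]

def effective_config(variables):
    """Return (config lines, overridden options) for a dict of role variables."""
    options = dict(variables.get("sshd", {}))
    matches = as_list(options.pop("Match", []))
    for name in ["sshd_match"] + [f"sshd_match_{i}" for i in range(1, 10)]:
        matches += as_list(variables.get(name, []))
    overrides = []
    for name, value in variables.items():
        if name.startswith("sshd_") and not CONTROL.match(name):
            key = name[len("sshd_"):]
            if key in options and options[key] != value:
                overrides.append((key, options[key], value))
            options[key] = value  # simple variable wins over the dict
    lines = render(options)
    for block in matches:
        block = dict(block)
        lines.append(f"Match {block.pop('Condition')}")
        lines += render(block, indent="  ")
    return lines, overrides

# Constructed sample: a hardened dict plus a stray simple variable.
SAMPLE = {
    "sshd": {"PermitRootLogin": False, "PasswordAuthentication": False,
             "ListenAddress": ["0.0.0.0", "::"],
             "Match": {"Condition": "Group xusers", "X11Forwarding": True}},
    "sshd_PasswordAuthentication": True,
    "sshd_match_1": [{"Condition": "Group staff", "GSSAPIAuthentication": True}],
}

if __name__ == "__main__":
    config, overridden = effective_config(SAMPLE)
    print("\n".join(config), overridden, sep="\n")
```
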

Example Playbook

---
- hosts: all
  vars:
    sshd_skip_defaults: true
    sshd:
      Compression: true
      ListenAddress:
        - "0.0.0.0"
        - "::"
      GSSAPIAuthentication: no
      Match:
        - Condition: "Group user"
          GSSAPIAuthentication: yes
    sshd_UsePrivilegeSeparation: sandbox
    sshd_match:
        - Condition: "Group xusers"
          X11Forwarding: yes
  roles:
    - role: willshersystems.sshd

Results in:

# Ansible managed: ...
Compression yes
GSSAPIAuthentication no
UsePrivilegeSeparation sandbox
Match Group user
  GSSAPIAuthentication yes
Match Group xusers
  X11Forwarding yes

License

LGPLv3

Author

Matt Willsher matt@willsher.systems

Copyright 2014,2015 Willsher Systems