xoxys.sshd/README.md

# xoxys.sshd
  
[![Build Status](https://drone.rknet.org/api/badges/ansible/xoxys.sshd/status.svg)](https://drone.rknet.org/ansible/xoxys.sshd)


Configure sshd server

## Table of content

* [Default Variables](#default-variables)
  * [sshd_allow_agent_forwarding](#sshd_allow_agent_forwarding)
  * [sshd_allow_groups](#sshd_allow_groups)
  * [sshd_allow_tcp_forwarding](#sshd_allow_tcp_forwarding)
  * [sshd_challenge_response_authentication](#sshd_challenge_response_authentication)
  * [sshd_ciphers](#sshd_ciphers)
  * [sshd_client_alive_count_max](#sshd_client_alive_count_max)
  * [sshd_client_alive_interval](#sshd_client_alive_interval)
  * [sshd_compression](#sshd_compression)
  * [sshd_google_auth_enabled](#sshd_google_auth_enabled)
  * [sshd_google_auth_exclude_group](#sshd_google_auth_exclude_group)
  * [sshd_gssapi_authentication](#sshd_gssapi_authentication)
  * [sshd_hostbased_authentication](#sshd_hostbased_authentication)
  * [sshd_ignore_rhosts](#sshd_ignore_rhosts)
  * [sshd_kex](#sshd_kex)
  * [sshd_log_level](#sshd_log_level)
  * [sshd_macs](#sshd_macs)
  * [sshd_max_auth_tries](#sshd_max_auth_tries)
  * [sshd_max_sessions](#sshd_max_sessions)
  * [sshd_moduli_minimum](#sshd_moduli_minimum)
  * [sshd_password_authentication](#sshd_password_authentication)
  * [sshd_permit_empty_passwords](#sshd_permit_empty_passwords)
  * [sshd_permit_root_login](#sshd_permit_root_login)
  * [sshd_protocol](#sshd_protocol)
  * [sshd_strict_modes](#sshd_strict_modes)
  * [sshd_tcp_keep_alive](#sshd_tcp_keep_alive)
  * [sshd_use_dns](#sshd_use_dns)
  * [sshd_x11_forwarding](#sshd_x11_forwarding)
* [Dependencies](#dependencies)
* [License](#license)
* [Author](#author)

---

## Default Variables

### sshd_allow_agent_forwarding

#### Default value

```YAML
sshd_allow_agent_forwarding: no
```

### sshd_allow_groups

#### Default value

```YAML
sshd_allow_groups: []
```

### sshd_allow_tcp_forwarding

#### Default value

```YAML
sshd_allow_tcp_forwarding: yes
```

### sshd_challenge_response_authentication

If you disable password auth you should disable ChallengeResponseAuth also.

#### Default value

```YAML
sshd_challenge_response_authentication: no
```

### sshd_ciphers

#### Default value

```YAML
sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr
```

### sshd_client_alive_count_max

#### Default value

```YAML
sshd_client_alive_count_max: 0
```

### sshd_client_alive_interval

#### Default value

```YAML
sshd_client_alive_interval: 900
```

### sshd_compression

#### Default value

```YAML
sshd_compression: delayed
```

### sshd_google_auth_enabled

Google Authenticator required ChallengeResponseAuth!

#### Default value

```YAML
sshd_google_auth_enabled: false
```

### sshd_google_auth_exclude_group

Exclude a group from 2FA auth

#### Default value

```YAML
sshd_google_auth_exclude_group: _unset_
```

#### Example usage

```YAML
sshd_google_auth_exclude_group: my_group
```

### sshd_gssapi_authentication

#### Default value

```YAML
sshd_gssapi_authentication: yes
```

### sshd_hostbased_authentication

#### Default value

```YAML
sshd_hostbased_authentication: no
```

### sshd_ignore_rhosts

#### Default value

```YAML
sshd_ignore_rhosts: yes
```

### sshd_kex

#### Default value

```YAML
sshd_kex:
  - curve25519-sha256@libssh.org
  - diffie-hellman-group-exchange-sha256
```

### sshd_log_level

#### Default value

```YAML
sshd_log_level: INFO
```

### sshd_macs

#### Default value

```YAML
sshd_macs:
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - hmac-ripemd160-etm@openssh.com
  - umac-128-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-256
  - hmac-ripemd160
```

### sshd_max_auth_tries

#### Default value

```YAML
sshd_max_auth_tries: 6
```

### sshd_max_sessions

#### Default value

```YAML
sshd_max_sessions: 10
```

### sshd_moduli_minimum

#### Default value

```YAML
sshd_moduli_minimum: 2048
```

### sshd_password_authentication

#### Default value

```YAML
sshd_password_authentication: no
```

### sshd_permit_empty_passwords

#### Default value

```YAML
sshd_permit_empty_passwords: no
```

### sshd_permit_root_login

#### Default value

```YAML
sshd_permit_root_login: yes
```

### sshd_protocol

#### Default value

```YAML
sshd_protocol: 2
```

### sshd_strict_modes

#### Default value

```YAML
sshd_strict_modes: yes
```

### sshd_tcp_keep_alive

#### Default value

```YAML
sshd_tcp_keep_alive: yes
```

### sshd_use_dns

#### Default value

```YAML
sshd_use_dns: yes
```

### sshd_x11_forwarding

#### Default value

```YAML
sshd_x11_forwarding: yes
```

## Dependencies

None.

## License

MIT

## Author

[xoxys](https://gitea.rknet.org/xoxys)
initial commit 2019-11-02 19:10:39 +01:00			`# xoxys.sshd`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`[![Build Status](https://drone.rknet.org/api/badges/ansible/xoxys.sshd/status.svg)](https://drone.rknet.org/ansible/xoxys.sshd)`
initial commit 2019-11-02 19:10:39 +01:00
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
[SKIP CI] update readme 2019-11-06 21:09:50 +01:00			`Configure sshd server`

[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`## Table of content`

			`* [Default Variables](#default-variables)`
			`* [sshd_allow_agent_forwarding](#sshd_allow_agent_forwarding)`
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`* [sshd_allow_groups](#sshd_allow_groups)`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`* [sshd_allow_tcp_forwarding](#sshd_allow_tcp_forwarding)`
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`* [sshd_challenge_response_authentication](#sshd_challenge_response_authentication)`
			`* [sshd_ciphers](#sshd_ciphers)`
			`* [sshd_client_alive_count_max](#sshd_client_alive_count_max)`
			`* [sshd_client_alive_interval](#sshd_client_alive_interval)`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`* [sshd_compression](#sshd_compression)`
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`* [sshd_google_auth_enabled](#sshd_google_auth_enabled)`
			`* [sshd_google_auth_exclude_group](#sshd_google_auth_exclude_group)`
			`* [sshd_gssapi_authentication](#sshd_gssapi_authentication)`
			`* [sshd_hostbased_authentication](#sshd_hostbased_authentication)`
			`* [sshd_ignore_rhosts](#sshd_ignore_rhosts)`
			`* [sshd_kex](#sshd_kex)`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`* [sshd_log_level](#sshd_log_level)`
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`* [sshd_macs](#sshd_macs)`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`* [sshd_max_auth_tries](#sshd_max_auth_tries)`
			`* [sshd_max_sessions](#sshd_max_sessions)`
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`* [sshd_moduli_minimum](#sshd_moduli_minimum)`
			`* [sshd_password_authentication](#sshd_password_authentication)`
			`* [sshd_permit_empty_passwords](#sshd_permit_empty_passwords)`
			`* [sshd_permit_root_login](#sshd_permit_root_login)`
			`* [sshd_protocol](#sshd_protocol)`
			`* [sshd_strict_modes](#sshd_strict_modes)`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`* [sshd_tcp_keep_alive](#sshd_tcp_keep_alive)`
			`* [sshd_use_dns](#sshd_use_dns)`
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`* [sshd_x11_forwarding](#sshd_x11_forwarding)`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			`* [Dependencies](#dependencies)`
			`* [License](#license)`
			`* [Author](#author)`

			`---`

			`## Default Variables`

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_allow_agent_forwarding`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_allow_agent_forwarding: no`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_allow_groups`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_allow_groups: []`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_allow_tcp_forwarding`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_allow_tcp_forwarding: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_challenge_response_authentication`

			`If you disable password auth you should disable ChallengeResponseAuth also.`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_challenge_response_authentication: no`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_ciphers`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_ciphers:`
			`- chacha20-poly1305@openssh.com`
			`- aes256-gcm@openssh.com`
			`- aes128-gcm@openssh.com`
			`- aes256-ctr`
			`- aes192-ctr`
			`- aes128-ctr`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_client_alive_count_max`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_client_alive_count_max: 0`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_client_alive_interval`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_client_alive_interval: 900`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_compression`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_compression: delayed`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_google_auth_enabled`

			`Google Authenticator required ChallengeResponseAuth!`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_google_auth_enabled: false`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_google_auth_exclude_group`

			`Exclude a group from 2FA auth`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_google_auth_exclude_group: _unset_`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`#### Example usage`

			```YAML
			`sshd_google_auth_exclude_group: my_group`
			```

			`### sshd_gssapi_authentication`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_gssapi_authentication: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_hostbased_authentication`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_hostbased_authentication: no`
			```

			`### sshd_ignore_rhosts`

			`#### Default value`

			```YAML
			`sshd_ignore_rhosts: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

			`### sshd_kex`

			`#### Default value`

			```YAML
			`sshd_kex:`
			`- curve25519-sha256@libssh.org`
			`- diffie-hellman-group-exchange-sha256`
			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_log_level`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_log_level: INFO`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

			`### sshd_macs`

			`#### Default value`

			```YAML
			`sshd_macs:`
			`- hmac-sha2-512-etm@openssh.com`
			`- hmac-sha2-256-etm@openssh.com`
			`- hmac-ripemd160-etm@openssh.com`
			`- umac-128-etm@openssh.com`
			`- hmac-sha2-512`
			`- hmac-sha2-256`
			`- hmac-ripemd160`
			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_max_auth_tries`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_max_auth_tries: 6`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_max_sessions`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_max_sessions: 10`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_moduli_minimum`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_moduli_minimum: 2048`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_password_authentication`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_password_authentication: no`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_permit_empty_passwords`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_permit_empty_passwords: no`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_permit_root_login`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_permit_root_login: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_protocol`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_protocol: 2`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_strict_modes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_strict_modes: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_tcp_keep_alive`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_tcp_keep_alive: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_use_dns`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_use_dns: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`### sshd_x11_forwarding`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00
			`#### Default value`

			```YAML
[SKIP CI] update readme 2019-11-23 00:15:00 +01:00			`sshd_x11_forwarding: yes`
[SKIP CI] update readme 2019-11-02 20:13:10 +01:00			```

			`## Dependencies`

			`None.`

			`## License`

			`MIT`

			`## Author`

[SKIP CI] update readme 2019-11-07 09:39:50 +01:00			`[xoxys](https://gitea.rknet.org/xoxys)`