From 0212a0e6b0c99b8c89f9bcdb62a100d63faf7f85 Mon Sep 17 00:00:00 2001 From: ci-bot Date: Sun, 18 Feb 2024 12:24:38 +0000 Subject: [PATCH] [skip ci] automated docs update
---
README.md | 329 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 329 insertions(+)
diff --git a/README.md b/README.md
index 69d62fb..6040731 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,330 @@
 # xoxys.sshd
+
+[![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.sshd/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.sshd)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.sshd/src/branch/main/LICENSE)
+
+Configure sshd server.
+
+## Table of content
+
+- [Requirements](#requirements)
+- [Default Variables](#default-variables)
+ - [sshd_allow_agent_forwarding](#sshd_allow_agent_forwarding)
+ - [sshd_allow_groups](#sshd_allow_groups)
+ - [sshd_allow_tcp_forwarding](#sshd_allow_tcp_forwarding)
+ - [sshd_challenge_response_authentication](#sshd_challenge_response_authentication)
+ - [sshd_ciphers](#sshd_ciphers)
+ - [sshd_client_alive_count_max](#sshd_client_alive_count_max)
+ - [sshd_client_alive_interval](#sshd_client_alive_interval)
+ - [sshd_compression](#sshd_compression)
+ - [sshd_crypto_policy_enabled](#sshd_crypto_policy_enabled)
+ - [sshd_google_auth_enabled](#sshd_google_auth_enabled)
+ - [sshd_google_auth_exclude_group](#sshd_google_auth_exclude_group)
+ - [sshd_gssapi_authentication](#sshd_gssapi_authentication)
+ - [sshd_hostbased_authentication](#sshd_hostbased_authentication)
+ - [sshd_ignore_rhosts](#sshd_ignore_rhosts)
+ - [sshd_kex](#sshd_kex)
+ - [sshd_log_level](#sshd_log_level)
+ - [sshd_login_grace_time](#sshd_login_grace_time)
+ - [sshd_macs](#sshd_macs)
+ - [sshd_max_auth_tries](#sshd_max_auth_tries)
+ - [sshd_max_sessions](#sshd_max_sessions)
+ - [sshd_max_startups](#sshd_max_startups)
+ - [sshd_moduli_minimum](#sshd_moduli_minimum)
+ - [sshd_password_authentication](#sshd_password_authentication)
+ - [sshd_permit_empty_passwords](#sshd_permit_empty_passwords)
+ - [sshd_permit_root_login](#sshd_permit_root_login)
+ - [sshd_protocol](#sshd_protocol)
+ - [sshd_strict_modes](#sshd_strict_modes)
+ - [sshd_tcp_keep_alive](#sshd_tcp_keep_alive)
+ - [sshd_use_dns](#sshd_use_dns)
+ - [sshd_x11_forwarding](#sshd_x11_forwarding)
+- [Dependencies](#dependencies)
+- [License](#license)
+- [Author](#author)
+
+---
+
+## Requirements
+
+- Minimum Ansible version: `2.10`
+
+## Default Variables
+
+### sshd_allow_agent_forwarding
+
+#### Default value
+
+```YAML
+sshd_allow_agent_forwarding: no
+```
+
+### sshd_allow_groups
+
+#### Default value
+
+```YAML
+sshd_allow_groups: []
+```
+
+### sshd_allow_tcp_forwarding
+
+#### Default value
+
+```YAML
+sshd_allow_tcp_forwarding: yes
+```
+
+### sshd_challenge_response_authentication
+
+If you disable password auth you should disable ChallengeResponseAuth also.
+
+#### Default value
+
+```YAML
+sshd_challenge_response_authentication: no
+```
+
+### sshd_ciphers
+
+#### Default value
+
+```YAML
+sshd_ciphers:
+ - chacha20-poly1305@openssh.com
+ - aes256-gcm@openssh.com
+ - aes128-gcm@openssh.com
+ - aes256-ctr
+ - aes192-ctr
+ - aes128-ctr
+```
+
+### sshd_client_alive_count_max
+
+#### Default value
+
+```YAML
+sshd_client_alive_count_max: 0
+```
+
+### sshd_client_alive_interval
+
+#### Default value
+
+```YAML
+sshd_client_alive_interval: 900
+```
+
+### sshd_compression
+
+#### Default value
+
+```YAML
+sshd_compression: delayed
+```
+
+### sshd_crypto_policy_enabled
+
+#### Default value
+
+```YAML
+sshd_crypto_policy_enabled: true
+```
+
+### sshd_google_auth_enabled
+
+Google Authenticator required ChallengeResponseAuth!
+
+#### Default value
+
+```YAML
+sshd_google_auth_enabled: false
+```
+
+### sshd_google_auth_exclude_group
+
+Exclude a group from 2FA auth
+
+#### Default value
+
+```YAML
+sshd_google_auth_exclude_group: _unset_
+```
+
+#### Example usage
+
+```YAML
+sshd_google_auth_exclude_group: my_group
+```
+
+### sshd_gssapi_authentication
+
+#### Default value
+
+```YAML
+sshd_gssapi_authentication: no
+```
+
+### sshd_hostbased_authentication
+
+#### Default value
+
+```YAML
+sshd_hostbased_authentication: no
+```
+
+### sshd_ignore_rhosts
+
+#### Default value
+
+```YAML
+sshd_ignore_rhosts: yes
+```
+
+### sshd_kex
+
+#### Default value
+
+```YAML
+sshd_kex:
+ - curve25519-sha256@libssh.org
+ - diffie-hellman-group-exchange-sha256
+```
+
+### sshd_log_level
+
+#### Default value
+
+```YAML
+sshd_log_level: INFO
+```
+
+### sshd_login_grace_time
+
+#### Default value
+
+```YAML
+sshd_login_grace_time: 60
+```
+
+### sshd_macs
+
+#### Default value
+
+```YAML
+sshd_macs:
+ - hmac-sha2-512-etm@openssh.com
+ - hmac-sha2-256-etm@openssh.com
+ - umac-128-etm@openssh.com
+ - hmac-sha2-512
+ - hmac-sha2-256
+ - umac-128@openssh.com
+```
+
+### sshd_max_auth_tries
+
+#### Default value
+
+```YAML
+sshd_max_auth_tries: 6
+```
+
+### sshd_max_sessions
+
+#### Default value
+
+```YAML
+sshd_max_sessions: 10
+```
+
+### sshd_max_startups
+
+#### Default value
+
+```YAML
+sshd_max_startups: 10:30:60
+```
+
+### sshd_moduli_minimum
+
+#### Default value
+
+```YAML
+sshd_moduli_minimum: 2048
+```
+
+### sshd_password_authentication
+
+#### Default value
+
+```YAML
+sshd_password_authentication: no
+```
+
+### sshd_permit_empty_passwords
+
+#### Default value
+
+```YAML
+sshd_permit_empty_passwords: no
+```
+
+### sshd_permit_root_login
+
+#### Default value
+
+```YAML
+sshd_permit_root_login: yes
+```
+
+### sshd_protocol
+
+#### Default value
+
+```YAML
+sshd_protocol: 2
+```
+
+### sshd_strict_modes
+
+#### Default value
+
+```YAML
+sshd_strict_modes: yes
+```
+
+### sshd_tcp_keep_alive
+
+#### Default value
+
+```YAML
+sshd_tcp_keep_alive: yes
+```
+
+### sshd_use_dns
+
+#### Default value
+
+```YAML
+sshd_use_dns: no
+```
+
+### sshd_x11_forwarding
+
+#### Default value
+
+```YAML
+sshd_x11_forwarding: yes
+```
+
+## Dependencies
+
+None.
+
+## License
+
+MIT
+
+## Author
+
+[Robert Kaussow](https://gitea.rknet.org/xoxys)