[SKIP CI] update readme

This commit is contained in:
Drone Shipper 2019-11-02 19:13:10 +00:00
parent 435fbaa504
commit 5a526a936b

295
README.md
View File

@ -1,2 +1,297 @@
# xoxys.sshd # xoxys.sshd
[![Build Status](https://drone.rknet.org/api/badges/ansible/xoxys.sshd/status.svg)](https://drone.rknet.org/ansible/xoxys.sshd)
## Table of content
* [Default Variables](#default-variables)
* [sshd_protocol](#sshd_protocol)
* [sshd_permit_root_login](#sshd_permit_root_login)
* [sshd_permit_empty_passwords](#sshd_permit_empty_passwords)
* [sshd_password_authentication](#sshd_password_authentication)
* [sshd_gssapi_authentication](#sshd_gssapi_authentication)
* [sshd_strict_modes](#sshd_strict_modes)
* [sshd_allow_groups](#sshd_allow_groups)
* [sshd_ignore_rhosts](#sshd_ignore_rhosts)
* [sshd_hostbased_authentication](#sshd_hostbased_authentication)
* [sshd_client_alive_interval](#sshd_client_alive_interval)
* [sshd_client_alive_count_max](#sshd_client_alive_count_max)
* [sshd_ciphers](#sshd_ciphers)
* [sshd_kex](#sshd_kex)
* [sshd_moduli_minimum](#sshd_moduli_minimum)
* [sshd_macs](#sshd_macs)
* [sshd_allow_agent_forwarding](#sshd_allow_agent_forwarding)
* [sshd_x11_forwarding](#sshd_x11_forwarding)
* [sshd_allow_tcp_forwarding](#sshd_allow_tcp_forwarding)
* [sshd_compression](#sshd_compression)
* [sshd_log_level](#sshd_log_level)
* [sshd_max_auth_tries](#sshd_max_auth_tries)
* [sshd_max_sessions](#sshd_max_sessions)
* [sshd_tcp_keep_alive](#sshd_tcp_keep_alive)
* [sshd_use_dns](#sshd_use_dns)
* [sshd_challenge_response_authentication](#sshd_challenge_response_authentication)
* [sshd_google_auth_enabled](#sshd_google_auth_enabled)
* [sshd_google_auth_exclude_group](#sshd_google_auth_exclude_group)
* [Dependencies](#dependencies)
* [License](#license)
* [Author](#author)
---
## Default Variables
### sshd_protocol
#### Default value
```YAML
sshd_protocol: 2
```
### sshd_permit_root_login
#### Default value
```YAML
sshd_permit_root_login: yes
```
### sshd_permit_empty_passwords
#### Default value
```YAML
sshd_permit_empty_passwords: no
```
### sshd_password_authentication
#### Default value
```YAML
sshd_password_authentication: no
```
### sshd_gssapi_authentication
#### Default value
```YAML
sshd_gssapi_authentication: yes
```
### sshd_strict_modes
#### Default value
```YAML
sshd_strict_modes: yes
```
### sshd_allow_groups
#### Default value
```YAML
sshd_allow_groups: []
```
### sshd_ignore_rhosts
#### Default value
```YAML
sshd_ignore_rhosts: yes
```
### sshd_hostbased_authentication
#### Default value
```YAML
sshd_hostbased_authentication: no
```
### sshd_client_alive_interval
#### Default value
```YAML
sshd_client_alive_interval: 900
```
### sshd_client_alive_count_max
#### Default value
```YAML
sshd_client_alive_count_max: 0
```
### sshd_ciphers
#### Default value
```YAML
sshd_ciphers:
- chacha20-poly1305@openssh.com
- aes256-gcm@openssh.com
- aes128-gcm@openssh.com
- aes256-ctr
- aes192-ctr
- aes128-ctr
```
### sshd_kex
#### Default value
```YAML
sshd_kex:
- curve25519-sha256@libssh.org
- diffie-hellman-group-exchange-sha256
```
### sshd_moduli_minimum
#### Default value
```YAML
sshd_moduli_minimum: 2048
```
### sshd_macs
#### Default value
```YAML
sshd_macs:
- hmac-sha2-512-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- hmac-ripemd160-etm@openssh.com
- umac-128-etm@openssh.com
- hmac-sha2-512
- hmac-sha2-256
- hmac-ripemd160
```
### sshd_allow_agent_forwarding
#### Default value
```YAML
sshd_allow_agent_forwarding: no
```
### sshd_x11_forwarding
#### Default value
```YAML
sshd_x11_forwarding: yes
```
### sshd_allow_tcp_forwarding
#### Default value
```YAML
sshd_allow_tcp_forwarding: yes
```
### sshd_compression
#### Default value
```YAML
sshd_compression: delayed
```
### sshd_log_level
#### Default value
```YAML
sshd_log_level: INFO
```
### sshd_max_auth_tries
#### Default value
```YAML
sshd_max_auth_tries: 6
```
### sshd_max_sessions
#### Default value
```YAML
sshd_max_sessions: 10
```
### sshd_tcp_keep_alive
#### Default value
```YAML
sshd_tcp_keep_alive: yes
```
### sshd_use_dns
#### Default value
```YAML
sshd_use_dns: yes
```
### sshd_challenge_response_authentication
If you disable password auth you should only disable ChallengeResponseAuth.
#### Default value
```YAML
sshd_challenge_response_authentication: no
```
### sshd_google_auth_enabled
Google Authenticator required ChallengeResponseAuth!
#### Default value
```YAML
sshd_google_auth_enabled: false
```
### sshd_google_auth_exclude_group
Exclude a group from 2FA auth
#### Default value
```YAML
sshd_google_auth_exclude_group: _unset_
```
#### Example usage
```YAML
sshd_google_auth_exclude_group: my_group
```
## Dependencies
None.
## License
MIT
## Author
xoxys