feat: add option to configure RekeyLimit

2022-09-19 15:17:29 +02:00 · 2022-09-19 15:17:29 +02:00 · 94ab1f69e7
parent 3a3cda6c50
commit 94ab1f69e7
2 changed files with 4 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -43,6 +43,9 @@ sshd_max_sessions: 10
 sshd_tcp_keep_alive: "yes"
 sshd_use_dns: "no"

+sshd_rekey_limit_size: "1G"
+sshd_rekey_limit_time: "1h"
+
 sshd_crypto_policy_enabled: True

 # @var sshd_challenge_response_authentication:description: >
--- a/templates/etc/ssh/sshd_config.j2
+++ b/templates/etc/ssh/sshd_config.j2
@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key

 # Ciphers and keying
-#RekeyLimit default none
+RekeyLimit {{ sshd_rekey_limit_size }} {{ sshd_rekey_limit_time }}

 {% if sshd_crypto_policy_enabled | bool %}
 # This system is following system-wide crypto policy. The changes to