ansible/xoxys.sshd
0
0
Fork 0
Code Issues Pull Requests Releases Activity

feat: add option to configure RekeyLimit
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2022-09-19 15:17:29 +02:00
parent 3a3cda6c50
commit 94ab1f69e7
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
defaults/main.yml
View File

@ -43,6 +43,9 @@ sshd_max_sessions: 10
sshd_tcp_keep_alive: "yes" sshd_tcp_keep_alive: "yes"
sshd_use_dns: "no" sshd_use_dns: "no"
sshd_rekey_limit_size: "1G"
sshd_rekey_limit_time: "1h"
sshd_crypto_policy_enabled: True sshd_crypto_policy_enabled: True
# @var sshd_challenge_response_authentication:description: > # @var sshd_challenge_response_authentication:description: >

2
templates/etc/ssh/sshd_config.j2
View File

@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying # Ciphers and keying
#RekeyLimit default none RekeyLimit {{ sshd_rekey_limit_size }} {{ sshd_rekey_limit_time }}
{% if sshd_crypto_policy_enabled | bool %} {% if sshd_crypto_policy_enabled | bool %}
# This system is following system-wide crypto policy. The changes to # This system is following system-wide crypto policy. The changes to