[SKIP CI] update readme

This commit is contained in:
Drone Shipper 2019-11-22 23:15:00 +00:00
parent 2f19598af1
commit a8fbe4fc1b

358
README.md
View File

@ -8,33 +8,33 @@ Configure sshd server
## Table of content ## Table of content
* [Default Variables](#default-variables) * [Default Variables](#default-variables)
* [sshd_protocol](#sshd_protocol)
* [sshd_permit_root_login](#sshd_permit_root_login)
* [sshd_permit_empty_passwords](#sshd_permit_empty_passwords)
* [sshd_password_authentication](#sshd_password_authentication)
* [sshd_gssapi_authentication](#sshd_gssapi_authentication)
* [sshd_strict_modes](#sshd_strict_modes)
* [sshd_allow_groups](#sshd_allow_groups)
* [sshd_ignore_rhosts](#sshd_ignore_rhosts)
* [sshd_hostbased_authentication](#sshd_hostbased_authentication)
* [sshd_client_alive_interval](#sshd_client_alive_interval)
* [sshd_client_alive_count_max](#sshd_client_alive_count_max)
* [sshd_ciphers](#sshd_ciphers)
* [sshd_kex](#sshd_kex)
* [sshd_moduli_minimum](#sshd_moduli_minimum)
* [sshd_macs](#sshd_macs)
* [sshd_allow_agent_forwarding](#sshd_allow_agent_forwarding) * [sshd_allow_agent_forwarding](#sshd_allow_agent_forwarding)
* [sshd_x11_forwarding](#sshd_x11_forwarding) * [sshd_allow_groups](#sshd_allow_groups)
* [sshd_allow_tcp_forwarding](#sshd_allow_tcp_forwarding) * [sshd_allow_tcp_forwarding](#sshd_allow_tcp_forwarding)
* [sshd_compression](#sshd_compression)
* [sshd_log_level](#sshd_log_level)
* [sshd_max_auth_tries](#sshd_max_auth_tries)
* [sshd_max_sessions](#sshd_max_sessions)
* [sshd_tcp_keep_alive](#sshd_tcp_keep_alive)
* [sshd_use_dns](#sshd_use_dns)
* [sshd_challenge_response_authentication](#sshd_challenge_response_authentication) * [sshd_challenge_response_authentication](#sshd_challenge_response_authentication)
* [sshd_ciphers](#sshd_ciphers)
* [sshd_client_alive_count_max](#sshd_client_alive_count_max)
* [sshd_client_alive_interval](#sshd_client_alive_interval)
* [sshd_compression](#sshd_compression)
* [sshd_google_auth_enabled](#sshd_google_auth_enabled) * [sshd_google_auth_enabled](#sshd_google_auth_enabled)
* [sshd_google_auth_exclude_group](#sshd_google_auth_exclude_group) * [sshd_google_auth_exclude_group](#sshd_google_auth_exclude_group)
* [sshd_gssapi_authentication](#sshd_gssapi_authentication)
* [sshd_hostbased_authentication](#sshd_hostbased_authentication)
* [sshd_ignore_rhosts](#sshd_ignore_rhosts)
* [sshd_kex](#sshd_kex)
* [sshd_log_level](#sshd_log_level)
* [sshd_macs](#sshd_macs)
* [sshd_max_auth_tries](#sshd_max_auth_tries)
* [sshd_max_sessions](#sshd_max_sessions)
* [sshd_moduli_minimum](#sshd_moduli_minimum)
* [sshd_password_authentication](#sshd_password_authentication)
* [sshd_permit_empty_passwords](#sshd_permit_empty_passwords)
* [sshd_permit_root_login](#sshd_permit_root_login)
* [sshd_protocol](#sshd_protocol)
* [sshd_strict_modes](#sshd_strict_modes)
* [sshd_tcp_keep_alive](#sshd_tcp_keep_alive)
* [sshd_use_dns](#sshd_use_dns)
* [sshd_x11_forwarding](#sshd_x11_forwarding)
* [Dependencies](#dependencies) * [Dependencies](#dependencies)
* [License](#license) * [License](#license)
* [Author](#author) * [Author](#author)
@ -43,52 +43,12 @@ Configure sshd server
## Default Variables ## Default Variables
### sshd_protocol ### sshd_allow_agent_forwarding
#### Default value #### Default value
```YAML ```YAML
sshd_protocol: 2 sshd_allow_agent_forwarding: no
```
### sshd_permit_root_login
#### Default value
```YAML
sshd_permit_root_login: yes
```
### sshd_permit_empty_passwords
#### Default value
```YAML
sshd_permit_empty_passwords: no
```
### sshd_password_authentication
#### Default value
```YAML
sshd_password_authentication: no
```
### sshd_gssapi_authentication
#### Default value
```YAML
sshd_gssapi_authentication: yes
```
### sshd_strict_modes
#### Default value
```YAML
sshd_strict_modes: yes
``` ```
### sshd_allow_groups ### sshd_allow_groups
@ -99,36 +59,22 @@ sshd_strict_modes: yes
sshd_allow_groups: [] sshd_allow_groups: []
``` ```
### sshd_ignore_rhosts ### sshd_allow_tcp_forwarding
#### Default value #### Default value
```YAML ```YAML
sshd_ignore_rhosts: yes sshd_allow_tcp_forwarding: yes
``` ```
### sshd_hostbased_authentication ### sshd_challenge_response_authentication
If you disable password auth you should disable ChallengeResponseAuth also.
#### Default value #### Default value
```YAML ```YAML
sshd_hostbased_authentication: no sshd_challenge_response_authentication: no
```
### sshd_client_alive_interval
#### Default value
```YAML
sshd_client_alive_interval: 900
```
### sshd_client_alive_count_max
#### Default value
```YAML
sshd_client_alive_count_max: 0
``` ```
### sshd_ciphers ### sshd_ciphers
@ -145,61 +91,20 @@ sshd_ciphers:
- aes128-ctr - aes128-ctr
``` ```
### sshd_kex ### sshd_client_alive_count_max
#### Default value #### Default value
```YAML ```YAML
sshd_kex: sshd_client_alive_count_max: 0
- curve25519-sha256@libssh.org
- diffie-hellman-group-exchange-sha256
``` ```
### sshd_moduli_minimum ### sshd_client_alive_interval
#### Default value #### Default value
```YAML ```YAML
sshd_moduli_minimum: 2048 sshd_client_alive_interval: 900
```
### sshd_macs
#### Default value
```YAML
sshd_macs:
- hmac-sha2-512-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- hmac-ripemd160-etm@openssh.com
- umac-128-etm@openssh.com
- hmac-sha2-512
- hmac-sha2-256
- hmac-ripemd160
```
### sshd_allow_agent_forwarding
#### Default value
```YAML
sshd_allow_agent_forwarding: no
```
### sshd_x11_forwarding
#### Default value
```YAML
sshd_x11_forwarding: yes
```
### sshd_allow_tcp_forwarding
#### Default value
```YAML
sshd_allow_tcp_forwarding: yes
``` ```
### sshd_compression ### sshd_compression
@ -210,56 +115,6 @@ sshd_allow_tcp_forwarding: yes
sshd_compression: delayed sshd_compression: delayed
``` ```
### sshd_log_level
#### Default value
```YAML
sshd_log_level: INFO
```
### sshd_max_auth_tries
#### Default value
```YAML
sshd_max_auth_tries: 6
```
### sshd_max_sessions
#### Default value
```YAML
sshd_max_sessions: 10
```
### sshd_tcp_keep_alive
#### Default value
```YAML
sshd_tcp_keep_alive: yes
```
### sshd_use_dns
#### Default value
```YAML
sshd_use_dns: yes
```
### sshd_challenge_response_authentication
If you disable password auth you should disable ChallengeResponseAuth also.
#### Default value
```YAML
sshd_challenge_response_authentication: no
```
### sshd_google_auth_enabled ### sshd_google_auth_enabled
Google Authenticator required ChallengeResponseAuth! Google Authenticator required ChallengeResponseAuth!
@ -286,6 +141,151 @@ sshd_google_auth_exclude_group: _unset_
sshd_google_auth_exclude_group: my_group sshd_google_auth_exclude_group: my_group
``` ```
### sshd_gssapi_authentication
#### Default value
```YAML
sshd_gssapi_authentication: yes
```
### sshd_hostbased_authentication
#### Default value
```YAML
sshd_hostbased_authentication: no
```
### sshd_ignore_rhosts
#### Default value
```YAML
sshd_ignore_rhosts: yes
```
### sshd_kex
#### Default value
```YAML
sshd_kex:
- curve25519-sha256@libssh.org
- diffie-hellman-group-exchange-sha256
```
### sshd_log_level
#### Default value
```YAML
sshd_log_level: INFO
```
### sshd_macs
#### Default value
```YAML
sshd_macs:
- hmac-sha2-512-etm@openssh.com
- hmac-sha2-256-etm@openssh.com
- hmac-ripemd160-etm@openssh.com
- umac-128-etm@openssh.com
- hmac-sha2-512
- hmac-sha2-256
- hmac-ripemd160
```
### sshd_max_auth_tries
#### Default value
```YAML
sshd_max_auth_tries: 6
```
### sshd_max_sessions
#### Default value
```YAML
sshd_max_sessions: 10
```
### sshd_moduli_minimum
#### Default value
```YAML
sshd_moduli_minimum: 2048
```
### sshd_password_authentication
#### Default value
```YAML
sshd_password_authentication: no
```
### sshd_permit_empty_passwords
#### Default value
```YAML
sshd_permit_empty_passwords: no
```
### sshd_permit_root_login
#### Default value
```YAML
sshd_permit_root_login: yes
```
### sshd_protocol
#### Default value
```YAML
sshd_protocol: 2
```
### sshd_strict_modes
#### Default value
```YAML
sshd_strict_modes: yes
```
### sshd_tcp_keep_alive
#### Default value
```YAML
sshd_tcp_keep_alive: yes
```
### sshd_use_dns
#### Default value
```YAML
sshd_use_dns: yes
```
### sshd_x11_forwarding
#### Default value
```YAML
sshd_x11_forwarding: yes
```
## Dependencies ## Dependencies
None. None.