From ce434c29d7a31e06f64521e32a137adaf75d8d7e Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Mon, 19 Sep 2022 15:49:40 +0200
Subject: [PATCH] feat: add option for LoginGraceTime and MaxStartups

---
 defaults/main.yml                | 2 ++
 templates/etc/ssh/sshd_config.j2 | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 1b35963..629037b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -42,6 +42,8 @@ sshd_max_auth_tries: 6
 sshd_max_sessions: 10
 sshd_tcp_keep_alive: "yes"
 sshd_use_dns: "no"
+sshd_login_grace_time: 60
+sshd_max_startups: "10:30:60"
 
 sshd_crypto_policy_enabled: True
 
diff --git a/templates/etc/ssh/sshd_config.j2 b/templates/etc/ssh/sshd_config.j2
index 3a8333b..5a2ffa1 100644
--- a/templates/etc/ssh/sshd_config.j2
+++ b/templates/etc/ssh/sshd_config.j2
@@ -50,7 +50,7 @@ LogLevel {{ sshd_log_level }}
 
 # Authentication:
 
-#LoginGraceTime 2m
+LoginGraceTime {{ sshd_login_grace_time }}
 PermitRootLogin {{ sshd_permit_root_login }}
 StrictModes {{ sshd_strict_modes }}
 {% if sshd_allow_groups %}
@@ -136,7 +136,7 @@ ClientAliveInterval {{ sshd_client_alive_interval }}
 ClientAliveCountMax {{ sshd_client_alive_count_max }}
 UseDNS {{ sshd_use_dns }}
 #PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
+MaxStartups {{ sshd_max_startups }}
 #PermitTunnel no
 #ChrootDirectory none
 #VersionAddendum none