commit feda1af765

Author: Robert Kaussow <mail@geeklabor.de>
Date:   Wed Jan 22 23:24:47 2020 +0100

    force run

index.md

@@ -0,0 +1,287 @@
+---
+title: sshd
+type: docs
+---
+
+Configure sshd server
+
+* [Default Variables](#default-variables)
+  * [sshd_allow_agent_forwarding](#sshd-allow-agent-forwarding)
+  * [sshd_allow_groups](#sshd-allow-groups)
+  * [sshd_allow_tcp_forwarding](#sshd-allow-tcp-forwarding)
+  * [sshd_challenge_response_authentication](#sshd-challenge-response-authentication)
+  * [sshd_ciphers](#sshd-ciphers)
+  * [sshd_client_alive_count_max](#sshd-client-alive-count-max)
+  * [sshd_client_alive_interval](#sshd-client-alive-interval)
+  * [sshd_compression](#sshd-compression)
+  * [sshd_google_auth_enabled](#sshd-google-auth-enabled)
+  * [sshd_google_auth_exclude_group](#sshd-google-auth-exclude-group)
+  * [sshd_gssapi_authentication](#sshd-gssapi-authentication)
+  * [sshd_hostbased_authentication](#sshd-hostbased-authentication)
+  * [sshd_ignore_rhosts](#sshd-ignore-rhosts)
+  * [sshd_kex](#sshd-kex)
+  * [sshd_log_level](#sshd-log-level)
+  * [sshd_macs](#sshd-macs)
+  * [sshd_max_auth_tries](#sshd-max-auth-tries)
+  * [sshd_max_sessions](#sshd-max-sessions)
+  * [sshd_moduli_minimum](#sshd-moduli-minimum)
+  * [sshd_password_authentication](#sshd-password-authentication)
+  * [sshd_permit_empty_passwords](#sshd-permit-empty-passwords)
+  * [sshd_permit_root_login](#sshd-permit-root-login)
+  * [sshd_protocol](#sshd-protocol)
+  * [sshd_strict_modes](#sshd-strict-modes)
+  * [sshd_tcp_keep_alive](#sshd-tcp-keep-alive)
+  * [sshd_use_dns](#sshd-use-dns)
+  * [sshd_x11_forwarding](#sshd-x11-forwarding)
+* [Dependencies](#dependencies)
+
+---
+
+## Default Variables
+
+### sshd_allow_agent_forwarding
+
+#### Default value
+
+```YAML
+sshd_allow_agent_forwarding: no
+```
+
+### sshd_allow_groups
+
+#### Default value
+
+```YAML
+sshd_allow_groups: []
+```
+
+### sshd_allow_tcp_forwarding
+
+#### Default value
+
+```YAML
+sshd_allow_tcp_forwarding: yes
+```
+
+### sshd_challenge_response_authentication
+
+If you disable password auth you should disable ChallengeResponseAuth also.
+
+#### Default value
+
+```YAML
+sshd_challenge_response_authentication: no
+```
+
+### sshd_ciphers
+
+#### Default value
+
+```YAML
+sshd_ciphers:
+  - chacha20-poly1305@openssh.com
+  - aes256-gcm@openssh.com
+  - aes128-gcm@openssh.com
+  - aes256-ctr
+  - aes192-ctr
+  - aes128-ctr
+```
+
+### sshd_client_alive_count_max
+
+#### Default value
+
+```YAML
+sshd_client_alive_count_max: 0
+```
+
+### sshd_client_alive_interval
+
+#### Default value
+
+```YAML
+sshd_client_alive_interval: 900
+```
+
+### sshd_compression
+
+#### Default value
+
+```YAML
+sshd_compression: delayed
+```
+
+### sshd_google_auth_enabled
+
+Google Authenticator required ChallengeResponseAuth!
+
+#### Default value
+
+```YAML
+sshd_google_auth_enabled: false
+```
+
+### sshd_google_auth_exclude_group
+
+Exclude a group from 2FA auth
+
+#### Default value
+
+```YAML
+sshd_google_auth_exclude_group: _unset_
+```
+
+#### Example usage
+
+```YAML
+sshd_google_auth_exclude_group: my_group
+```
+
+### sshd_gssapi_authentication
+
+#### Default value
+
+```YAML
+sshd_gssapi_authentication: yes
+```
+
+### sshd_hostbased_authentication
+
+#### Default value
+
+```YAML
+sshd_hostbased_authentication: no
+```
+
+### sshd_ignore_rhosts
+
+#### Default value
+
+```YAML
+sshd_ignore_rhosts: yes
+```
+
+### sshd_kex
+
+#### Default value
+
+```YAML
+sshd_kex:
+  - curve25519-sha256@libssh.org
+  - diffie-hellman-group-exchange-sha256
+```
+
+### sshd_log_level
+
+#### Default value
+
+```YAML
+sshd_log_level: INFO
+```
+
+### sshd_macs
+
+#### Default value
+
+```YAML
+sshd_macs:
+  - hmac-sha2-512-etm@openssh.com
+  - hmac-sha2-256-etm@openssh.com
+  - hmac-ripemd160-etm@openssh.com
+  - umac-128-etm@openssh.com
+  - hmac-sha2-512
+  - hmac-sha2-256
+  - hmac-ripemd160
+```
+
+### sshd_max_auth_tries
+
+#### Default value
+
+```YAML
+sshd_max_auth_tries: 6
+```
+
+### sshd_max_sessions
+
+#### Default value
+
+```YAML
+sshd_max_sessions: 10
+```
+
+### sshd_moduli_minimum
+
+#### Default value
+
+```YAML
+sshd_moduli_minimum: 2048
+```
+
+### sshd_password_authentication
+
+#### Default value
+
+```YAML
+sshd_password_authentication: no
+```
+
+### sshd_permit_empty_passwords
+
+#### Default value
+
+```YAML
+sshd_permit_empty_passwords: no
+```
+
+### sshd_permit_root_login
+
+#### Default value
+
+```YAML
+sshd_permit_root_login: yes
+```
+
+### sshd_protocol
+
+#### Default value
+
+```YAML
+sshd_protocol: 2
+```
+
+### sshd_strict_modes
+
+#### Default value
+
+```YAML
+sshd_strict_modes: yes
+```
+
+### sshd_tcp_keep_alive
+
+#### Default value
+
+```YAML
+sshd_tcp_keep_alive: yes
+```
+
+### sshd_use_dns
+
+#### Default value
+
+```YAML
+sshd_use_dns: yes
+```
+
+### sshd_x11_forwarding
+
+#### Default value
+
+```YAML
+sshd_x11_forwarding: yes
+```
+
+## Dependencies
+
+None.