
xoxys.sshd


Configure sshd server

Table of contents


Default Variables

sshd_protocol

Default value

# SSH protocol version; presumably rendered as the sshd_config `Protocol`
# directive (the template is not shown here).
# NOTE(review): OpenSSH 7.4 and later dropped protocol 1 from sshd and treat
# `Protocol` as deprecated, so this value only matters on older servers.
sshd_protocol: 2

sshd_permit_root_login

Default value

# Controls whether root may log in directly over SSH.
# NOTE(review): the role default permits direct root logins. Consider
# overriding with `no` (or `prohibit-password`, assuming the template passes
# string values through) and using an unprivileged account plus sudo, so that
# logins stay attributable to a person.
sshd_permit_root_login: yes

sshd_permit_empty_passwords

Default value

# Accounts with an empty password are not allowed to log in. Keep this at `no`.
sshd_permit_empty_passwords: no

sshd_password_authentication

Default value

# Password logins are disabled by default.
# NOTE(review): make sure key-based (or another non-password) login works for
# an administrative account before applying the role, otherwise you can lock
# yourself out of the host.
sshd_password_authentication: no

sshd_gssapi_authentication

Default value

# GSSAPI (typically Kerberos) authentication is enabled by default.
# NOTE(review): if the environment does not use Kerberos, set this to `no` so
# sshd does not offer an authentication method nobody needs.
sshd_gssapi_authentication: yes

sshd_strict_modes

Default value

# Presumably maps to `StrictModes`: sshd checks ownership and permissions of
# the user's home directory and key files before accepting a login. Keep at
# `yes`; it stops world-writable ~/.ssh contents from being trusted.
sshd_strict_modes: yes

sshd_allow_groups

Default value

# List of groups allowed to log in; empty by default.
# NOTE(review): presumably an empty list means no `AllowGroups` restriction is
# rendered - confirm in the template. Limiting SSH to a dedicated group is a
# cheap way to keep service and application accounts from logging in.
sshd_allow_groups: []

sshd_ignore_rhosts

Default value

# Per-user ~/.rhosts and ~/.shosts files are ignored. Keep at `yes`.
sshd_ignore_rhosts: yes

sshd_hostbased_authentication

Default value

# Host-based authentication (trusting the client host rather than the user's
# own credential) is disabled. Keep at `no` unless it is explicitly required.
sshd_hostbased_authentication: no

sshd_client_alive_interval

Default value

# Seconds without data from the client before sshd sends a keep-alive request
# through the encrypted channel (900 s = 15 minutes). The effect depends on
# the count-max setting it is paired with.
sshd_client_alive_interval: 900

sshd_client_alive_count_max

Default value

# Number of unanswered keep-alive requests tolerated before disconnecting.
# NOTE(review): the meaning of 0 changed in OpenSSH 8.2. Older releases drop
# the session at the first interval; 8.2 and later treat 0 as "never terminate
# the connection". If the intent is an idle/unresponsive-session cut-off,
# verify the behaviour on the target OpenSSH version and use a value >= 1
# where needed.
sshd_client_alive_count_max: 0

sshd_ciphers

Default value

# Allowed symmetric ciphers, in order of preference: AEAD ciphers
# (ChaCha20-Poly1305, AES-GCM) first, then AES-CTR. No CBC-mode or RC4 ciphers
# are listed.
# NOTE(review): very old clients that only speak CBC ciphers will not be able
# to connect with this list.
sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

sshd_kex

Default value

# Allowed key-exchange algorithms: Curve25519 and Diffie-Hellman group
# exchange with SHA-256. SHA-1 based and fixed small-group exchanges are not
# offered.
# NOTE(review): OpenSSH 7.4+ also knows the standardized name
# `curve25519-sha256` (without the @libssh.org suffix); consider listing both
# so clients offering only one of the two names still negotiate Curve25519.
sshd_kex:
  - curve25519-sha256@libssh.org
  - diffie-hellman-group-exchange-sha256

sshd_moduli_minimum

Default value

# Minimum Diffie-Hellman group size in bits; presumably used to filter smaller
# entries out of the moduli file used for group exchange - confirm in tasks.
# NOTE(review): current hardening guidance commonly uses a 3071-bit threshold
# so only 3072-bit and larger groups remain.
sshd_moduli_minimum: 2048

sshd_macs

Default value

# Allowed message authentication codes, encrypt-then-MAC (-etm) variants first.
# NOTE(review): the hmac-ripemd160 variants were removed in OpenSSH 7.6; a
# server that does not recognise an entry in its MACs list rejects the
# configuration, so validate the rendered file (e.g. `sshd -t`) before
# restarting and drop those two entries on newer releases. The non-ETM
# hmac-sha2 entries are only needed for clients without ETM support.
sshd_macs:
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - hmac-ripemd160-etm@openssh.com
  - umac-128-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-256
  - hmac-ripemd160

sshd_allow_agent_forwarding

Default value

# ssh-agent forwarding is disabled, so a compromised server cannot use the
# agent of a connected user. Keep at `no` unless a workflow depends on it.
sshd_allow_agent_forwarding: no

sshd_x11_forwarding

Default value

# X11 forwarding is enabled by default.
# NOTE(review): forwarding X11 exposes the client's display to the server
# side; on hosts without a real need for graphical applications set this to
# `no`.
sshd_x11_forwarding: yes

sshd_allow_tcp_forwarding

Default value

# TCP port forwarding (tunnelling) is enabled by default.
# NOTE(review): forwarding lets authenticated users relay traffic through the
# host and bypass network segmentation. Disable it where it is not needed, or
# restrict it per user/group with Match blocks.
sshd_allow_tcp_forwarding: yes

sshd_compression

Default value

# Compression starts only after the user has authenticated. On current
# OpenSSH releases `delayed` is a legacy synonym for `yes`, since
# pre-authentication compression no longer exists there.
sshd_compression: delayed

sshd_log_level

Default value

# sshd logging verbosity.
# NOTE(review): hardening guides often suggest VERBOSE for additional
# authentication detail in the logs; avoid DEBUG levels in production, they
# can record sensitive data.
sshd_log_level: INFO

sshd_max_auth_tries

Default value

# Maximum authentication attempts per connection (6 is also the sshd default).
# NOTE(review): a lower value such as 3 or 4 reduces the guesses available per
# connection and makes failures show up in the logs sooner.
sshd_max_auth_tries: 6

sshd_max_sessions

Default value

# Maximum number of sessions (shell, exec, subsystem) multiplexed over one
# network connection; it is not a limit on concurrent connections.
sshd_max_sessions: 10

sshd_tcp_keep_alive

Default value

# TCP-level keepalives are enabled so dead connections get noticed.
# NOTE(review): TCP keepalives travel outside the encrypted channel and can be
# spoofed; the client-alive settings are the authenticated mechanism.
sshd_tcp_keep_alive: yes

sshd_use_dns

Default value

# sshd performs a reverse DNS lookup of the connecting client and checks that
# it resolves back to the same address.
# NOTE(review): OpenSSH itself defaults to `no` since 6.8. Lookups slow down
# logins when DNS is slow or unavailable, and hostnames in logs or
# `from=` restrictions then depend on DNS integrity; prefer IP addresses.
sshd_use_dns: yes

sshd_challenge_response_authentication

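If you disable password authentication, you should also disable ChallengeResponseAuthentication; otherwise password prompts can still be offered through keyboard-interactive (e.g. PAM) authentication.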

Default value

# Challenge-response (keyboard-interactive) authentication is disabled, in
# line with the disabled password authentication default.
# NOTE(review): newer OpenSSH releases name this option
# `KbdInteractiveAuthentication` and keep the old name as a deprecated alias.
sshd_challenge_response_authentication: no

sshd_google_auth_enabled

Google Authenticator requires ChallengeResponseAuthentication to be enabled!

Default value

# Google Authenticator (TOTP) second factor is off by default.
# NOTE(review): the default for challenge-response authentication in this role
# is `no`, so enabling 2FA needs that variable changed as well.
sshd_google_auth_enabled: false

sshd_google_auth_exclude_group

Exclude a group from 2FA auth

Default value

# `_unset_` appears to be a placeholder meaning "no group is excluded" -
# confirm against the role's defaults and templates.
# NOTE(review): members of an excluded group log in without the second
# factor, so keep that group small and review its membership.
sshd_google_auth_exclude_group: _unset_

Example usage

# Example: members of `my_group` (a sample group name) are exempt from 2FA.
sshd_google_auth_exclude_group: my_group

Dependencies

None.

License

MIT

Author

xoxys