Go to file
Robert Kaussow 8858e7c47a
Some checks failed
ci/woodpecker/push/lint Pipeline failed
ci/woodpecker/push/test unknown status
ci/woodpecker/push/docs unknown status
ci/woodpecker/push/notify Pipeline was successful
chore: cleanup loop control var for ucs registry
2024-09-29 14:10:27 +02:00
.woodpecker refctor: rework ci to ue ansible-lint and fix molecule 2024-08-19 16:06:14 +02:00
defaults feat: add option to customize sshd port 2024-09-16 09:32:50 +02:00
handlers ci: migrate to woodpecker 2024-02-18 13:22:43 +01:00
meta refctor: rework ci to ue ansible-lint and fix molecule 2024-08-19 16:06:14 +02:00
molecule/default refctor: rework ci to ue ansible-lint and fix molecule 2024-08-19 16:06:14 +02:00
tasks chore: cleanup loop control var for ucs registry 2024-09-29 14:10:27 +02:00
templates/etc feat: add option to customize sshd port 2024-09-16 09:32:50 +02:00
.gitignore ci: migrate to woodpecker 2024-02-18 13:22:43 +01:00
.markdownlint.yml ci: migrate to woodpecker 2024-02-18 13:22:43 +01:00
.prettierignore ci: migrate to woodpecker 2024-02-18 13:22:43 +01:00
.yamllint refctor: rework ci to ue ansible-lint and fix molecule 2024-08-19 16:06:14 +02:00
LICENSE chore: end of the year maintenance [skip ci] 2021-12-21 10:45:45 +01:00
pyproject.toml ci: migrate to woodpecker 2024-02-18 13:22:43 +01:00
README.md [skip ci] automated docs update 2024-09-16 07:38:14 +00:00
requirements.yml refctor: rework ci to ue ansible-lint and fix molecule 2024-08-19 16:06:14 +02:00

xoxys.sshd

Build Status License: MIT

Configure sshd server.

Table of content


Requirements

  • Minimum Ansible version: 2.10

Default Variables

sshd_allow_agent_forwarding

Default value

sshd_allow_agent_forwarding: no

sshd_allow_groups

Default value

sshd_allow_groups: []

sshd_allow_tcp_forwarding

Default value

sshd_allow_tcp_forwarding: yes

sshd_challenge_response_authentication

If you disable password auth you should disable ChallengeResponseAuth also.

Default value

sshd_challenge_response_authentication: no

sshd_ciphers

Default value

sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

sshd_client_alive_count_max

Default value

sshd_client_alive_count_max: 0

sshd_client_alive_interval

Default value

sshd_client_alive_interval: 900

sshd_compression

Default value

sshd_compression: delayed

sshd_crypto_policy_enabled

Default value

sshd_crypto_policy_enabled: true

sshd_google_auth_enabled

Google Authenticator required ChallengeResponseAuth!

Default value

sshd_google_auth_enabled: false

sshd_google_auth_exclude_group

Exclude a group from 2FA auth

Default value

sshd_google_auth_exclude_group: _unset_

Example usage

sshd_google_auth_exclude_group: my_group

sshd_gssapi_authentication

Default value

sshd_gssapi_authentication: no

sshd_hostbased_authentication

Default value

sshd_hostbased_authentication: no

sshd_ignore_rhosts

Default value

sshd_ignore_rhosts: yes

sshd_kex

Default value

sshd_kex:
  - curve25519-sha256@libssh.org
  - diffie-hellman-group-exchange-sha256

sshd_log_level

Default value

sshd_log_level: INFO

sshd_login_grace_time

Default value

sshd_login_grace_time: 60

sshd_macs

Default value

sshd_macs:
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - umac-128-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-256
  - umac-128@openssh.com

sshd_max_auth_tries

Default value

sshd_max_auth_tries: 6

sshd_max_sessions

Default value

sshd_max_sessions: 10

sshd_max_startups

Default value

sshd_max_startups: 10:30:60

sshd_moduli_minimum

Default value

sshd_moduli_minimum: 2048

sshd_password_authentication

Default value

sshd_password_authentication: no

sshd_permit_empty_passwords

Default value

sshd_permit_empty_passwords: no

sshd_permit_root_login

Default value

sshd_permit_root_login: yes

sshd_port

Default value

sshd_port: 22

sshd_protocol

Default value

sshd_protocol: 2

sshd_strict_modes

Default value

sshd_strict_modes: yes

sshd_tcp_keep_alive

Default value

sshd_tcp_keep_alive: yes

sshd_use_dns

Default value

sshd_use_dns: no

sshd_x11_forwarding

Default value

sshd_x11_forwarding: yes

Dependencies

None.

License

MIT

Author

Robert Kaussow