Robert Kaussow feda1af765 force run 2020-01-22 23:24:47 +01:00

xoxys.sshd

Configure sshd server

Default Variables

sshd_allow_agent_forwarding

Default value

sshd_allow_agent_forwarding: no

sshd_allow_groups

Default value

sshd_allow_groups: []

sshd_allow_tcp_forwarding

Default value

sshd_allow_tcp_forwarding: yes

sshd_challenge_response_authentication

If you disable password authentication, you should also disable ChallengeResponseAuthentication.

Default value

sshd_challenge_response_authentication: no

sshd_ciphers

Default value

sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

sshd_client_alive_count_max

Default value

sshd_client_alive_count_max: 0

sshd_client_alive_interval

Default value

sshd_client_alive_interval: 900

sshd_compression

Default value

sshd_compression: delayed

sshd_google_auth_enabled

Google Authenticator requires ChallengeResponseAuthentication!

Default value

sshd_google_auth_enabled: false

sshd_google_auth_exclude_group

Exclude a group from 2FA auth

Default value

sshd_google_auth_exclude_group: _unset_

Example usage

sshd_google_auth_exclude_group: my_group

sshd_gssapi_authentication

Default value

sshd_gssapi_authentication: yes

sshd_hostbased_authentication

Default value

sshd_hostbased_authentication: no

sshd_ignore_rhosts

Default value

sshd_ignore_rhosts: yes

sshd_kex

Default value

sshd_kex:
  - curve25519-sha256@libssh.org
  - diffie-hellman-group-exchange-sha256

sshd_log_level

Default value

sshd_log_level: INFO

sshd_macs

Default value

sshd_macs:
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - hmac-ripemd160-etm@openssh.com
  - umac-128-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-256
  - hmac-ripemd160

sshd_max_auth_tries

Default value

sshd_max_auth_tries: 6

sshd_max_sessions

Default value

sshd_max_sessions: 10

sshd_moduli_minimum

Default value

sshd_moduli_minimum: 2048

sshd_password_authentication

Default value

sshd_password_authentication: no

sshd_permit_empty_passwords

Default value

sshd_permit_empty_passwords: no

sshd_permit_root_login

Default value

sshd_permit_root_login: yes

sshd_protocol

Default value

sshd_protocol: 2

sshd_strict_modes

Default value

sshd_strict_modes: yes

sshd_tcp_keep_alive

Default value

sshd_tcp_keep_alive: yes

sshd_use_dns

Default value

sshd_use_dns: yes

sshd_x11_forwarding

Default value

sshd_x11_forwarding: yes
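
Example playbook (added here, not part of the role's own documentation): it applies the role with overrides for key-plus-2FA logins and checks, before the role runs, the two notes given above for sshd_challenge_response_authentication and sshd_google_auth_enabled. The host group `ssh_servers`, the group names `ssh-users` and `automation`, and the chosen override values are assumptions.

```yaml
---
# Added example. Host group, group names and override values are assumptions.
- hosts: ssh_servers
  become: true
  vars:
    sshd_password_authentication: no
    sshd_google_auth_enabled: true
    # Google Authenticator requires ChallengeResponseAuthentication,
    # so it stays enabled even though password auth is off.
    sshd_challenge_response_authentication: yes
    sshd_google_auth_exclude_group: automation
    # The user Ansible connects as must be in one of these groups,
    # otherwise the next login is refused.
    sshd_allow_groups:
      - ssh-users
      - automation
    sshd_permit_root_login: no
    sshd_allow_tcp_forwarding: no
    sshd_x11_forwarding: no

  pre_tasks:
    - name: Check the documented constraints between the auth variables
      assert:
        that:
          # 2FA enabled implies challenge-response enabled.
          - not (sshd_google_auth_enabled | bool) or (sshd_challenge_response_authentication | bool)
          # Password auth off and no 2FA implies challenge-response off.
          # (Combining both notes this way is this example's reading of them.)
          - >-
            (sshd_password_authentication | bool)
            or (sshd_google_auth_enabled | bool)
            or not (sshd_challenge_response_authentication | bool)
        fail_msg: >-
          Inconsistent sshd auth variables: enable
          sshd_challenge_response_authentication when sshd_google_auth_enabled
          is true, and disable it when password auth is off and 2FA is not used.

  roles:
    - role: xoxys.sshd
```

After the run, `sshd -T` on the target prints the effective configuration, which can be compared against the values set here.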

Dependencies

None.

License

MIT

Author

xoxys