Turgon37.ssh_server
Ansible Role SSH Server
Description
:grey_exclamation: Before using this role, remember that all my Ansible roles are designed for my specific IT setup. They may not work perfectly for you, so please review them carefully before using them on your servers.
This role helps you set up and configure an SSH server.
Requirements
You need Ansible version 2.4 or higher.
Dependencies
Supported Operating Systems
This role works on Debian and CentOS.
Features
Currently, this role can:
- Install the SSH daemon (sshd).
- Configure the SSH daemon (sshd).
- Remove weak prime numbers from initial moduli.
- Create local facts.
Role Variables
You can customize many settings for the role. These settings are found in the defaults/main.yml file and the table below. Check this file for default values.
Most variables align with the standard sshd configuration guidelines. Refer to the manual for more details.
Variable Name | Type/Value | Description |
---|---|---|
ssh_server__facts | Boolean | Install the local fact script |
ssh_server__moduli_minimum | Integer | Minimum size of prime numbers to keep in the moduli file |
ssh_server__service_enabled | Boolean | Enable or disable the SSH service |
More variables related to SSH settings described below... |
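What filtering the moduli file by a minimum size looks like, as an added example that is not the role's own code. It assumes the minimum is compared against the size field of moduli(5); the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only Diffie-Hellman group-exchange primes at or above a
# minimum size. Function names and sample data are illustrative, not the role's.

# moduli(5) fields: time type tests trials size generator modulus
# OpenSSH-generated files record the bit length minus one in the size field,
# so a 3072-bit prime is listed as 3071.

# Print the entries of file $2 whose size field is >= $1.
# Comment and blank lines pass through; malformed lines are dropped.
filter_moduli() {
    awk -v min="$1" '
        NF == 0 || $1 ~ /^#/ { print; next }
        NF == 7 && $5 ~ /^[0-9]+$/ && $5 + 0 >= min + 0 { print }
    ' "$2"
}

# Print how many prime entries in file $2 fall below the minimum $1.
count_weak() {
    awk -v min="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        NF == 7 && $5 ~ /^[0-9]+$/ && $5 + 0 < min + 0 { n++ }
        END { print n + 0 }
    ' "$2"
}

# Constructed sample: real entries carry a long hex modulus, shortened here.
SAMPLE_MODULI=$(mktemp)
cat > "$SAMPLE_MODULI" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 1023 2 C0FFEE01
20240101000001 2 6 100 2047 2 C0FFEE02
20240101000002 2 6 100 3071 5 C0FFEE03
20240101000003 2 6 100 4095 2 C0FFEE04
EOF

echo "entries below 3071: $(count_weak 3071 "$SAMPLE_MODULI")"
filter_moduli 3071 "$SAMPLE_MODULI"
```

A threshold of 3072 instead of 3071 would also discard the 3072-bit entry, so check which convention the configured minimum follows before applying it.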
Detailed Variable Descriptions
This role has many configurations for SSH, including security settings, authentication methods, and user access controls. For example:
ssh_server__permit_root_login
: Controls if the root user can log in.
ssh_server__max_auth_tries
: The maximum number of authentication attempts allowed.
ssh_server__authorized_keys
: Path to authorized keys for SSH access.
Matches
You can set specific SSH rules using the ssh_server__match_list_global/group/host variable. Each item in this list should look like this:
ssh_server__match_list_global:
  - match: "criteria"
    options:
      - AllowUsers username
This allows more granular control over SSH permissions based on various criteria.
Facts
The local facts will be installed by default and provide these variables:
ansible_local.ssh_server:
  version_full: '7.9p1'
  version_major: '7'
Example
Playbook
Use this role in your playbook like this:
- hosts: all
  roles:
    - turgon37.ssh_server
Inventory Example
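Set up your inventory with the following examples. Note that sshd requires every method in a comma-separated AuthenticationMethods list, so the match below demands both a public key and a password for connections arriving on 127.0.0.1: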
ssh_server__allow_tcp_forwarding: false
ssh_server__permit_root_login: false
ssh_server__match_list_global:
  - match: "LocalAddress 127.0.0.1"
    options:
      - AuthenticationMethods publickey,password
Example for FreeIPA Configuration
You can configure FreeIPA settings like this:
ssh_server__authorized_keys: '/dev/null'
ssh_server__pubkey_authentication: true
ssh_server__gssapi_authentication: true
This provides a simple yet comprehensive way to set up an SSH server using Ansible!
ansible-galaxy install Turgon37.ssh_server