adambirds.configure-sshd

ansible-role-sshd

This role sets up the SSH daemon (sshd).

Requirements

There are no special requirements.

Role Variables

Variable Description Default Value
sshd_user Username for sshd sshd
sshd_group Group name for sshd {{ __sshd_group }}
sshd_service Service name for sshd {{ __sshd_service }}
sshd_conf_dir Directory for sshd configuration files {{ __sshd_conf_dir }}
sshd_conf Path to the SSH configuration file {{ sshd_conf_dir }}/sshd_config
sshd_sftp_server Path to the SFTP server {{ __sshd_sftp_server }}
sshd_config Configuration settings for sshd {"PermitRootLogin"=>"without-password", "PasswordAuthentication"=>"no", "UseDNS"=>"no", "UsePAM"=>"no", "Subsystem"=>"sftp {{ sshd_sftp_server }}"}
sshd_config_pre Settings before the main sshd_config ""
sshd_config_post Settings after the main sshd_config ""
sshd_config_match List of conditions for specific configurations []

ssh_config_match

This variable creates specific Match blocks.

Key Value
condition Condition for the Match block
keyword Dictionary of settings and their values

Example:

sshd_config_match:
  - condition: User foo
    keyword:
      X11Forwarding: "yes"

This generates:

Match User foo
  X11Forwarding yes

Defaults for Different Systems

Debian

Variable Default Value
__sshd_group ssh
__sshd_conf_dir /etc/ssh
__sshd_sftp_server /usr/lib/sftp-server
__sshd_service ssh

FreeBSD

Variable Default Value
__sshd_group sshd
__sshd_conf_dir /etc/ssh
__sshd_sftp_server /usr/libexec/sftp-server
__sshd_service sshd

OpenBSD

Variable Default Value
__sshd_group sshd
__sshd_conf_dir /etc/ssh
__sshd_sftp_server /usr/libexec/sftp-server
__sshd_service sshd

RedHat

Variable Default Value
__sshd_group ssh
__sshd_conf_dir /etc/ssh
__sshd_sftp_server /usr/lib/sftp-server
__sshd_service sshd.service

Dependencies

There are no dependencies.

Example Playbook

- hosts: localhost
  roles:
    - ansible-role-sshd
  vars:
    sshd_config:
      PermitRootLogin: without-password
      PasswordAuthentication: "no"
      Port: 22
      UseDNS: "no"
      UsePAM: "no"
      Subsystem: "sftp {{ sshd_sftp_server }}"
    sshd_config_match:
      - condition: User foo
        keyword:
          X11Forwarding: "yes"
      - condition: User bar
        keyword:
          X11Forwarding: "no"
    sshd_config_pre: |
      Port 2022
    sshd_config_post: |
      Match Address 192.168.1.1
        PasswordAuthentication yes

License

Copyright (c) 2016 Tomoyuki Sakurai <[email protected]>

You can use, copy, modify, and share this software for any purpose, free of charge, as long as you include the copyright notice above.

THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. THE AUTHOR IS NOT LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE.

Author Information

Tomoyuki Sakurai tomoyukis@reallyenglish.com

This README was created using ansible-role-init.

Informazioni sul progetto

Configures sshd

Installa
ansible-galaxy install adambirds.configure-sshd
Licenza
isc
Download
153
Proprietario
I am a Python and TypeScript Developer. Currently studying for a Computing & IT (Software) degree. Owner of @adb-web-designs and @VastDesk.