claranet.sshd

Ansible role - sshd


⭐ Please give us a star on GitHub — it really encourages us!

This role installs and sets up SSHd, and manages the Certificate Authority.

⚠️ Requirements

You need Ansible version 2.10 or higher.

⚡ Installation

To install the role, use the following command:

ansible-galaxy install claranet.sshd

⚙️ Role Variables

Here are the main variables used in this role:

| Variable | Default Value | Description |
|---|---|---|
| sshd_trustedusercakeys_content | empty | Trusted User Keys Certificate Authority content. |
| sshd_principals | {} | Content for the AuthorizedPrincipalsFile. |
| sshd_principals_list_merge | append | How the sshd_principals and sshd_principals_default are merged. |
| sshd_config_template | sshd_config.j2 | Default template file for /etc/ssh/sshd_config. |
| sshd_config_chmod | 444 | Default permissions for /etc/ssh/sshd_config. |
| sshd_config | {} | SSH configuration options. |
| sshd_config_list_merge | append | How sshd_config and sshd_default_default are merged. |
| sshd_config_list_separated_by_comma | [] | SSHD configuration options separated by commas. |
| sshd_config_list_separated_by_newline | [] | SSHD configuration options separated by newlines. |
| sshd_yes_i_know_what_i_am_doing | false | Skip check on AuthorizedPrincipalsFile endings. |
| sshd_config_d_include | false | Enable inclusion of additional config files in config.d/*. |
| sshd_banner_template | Banner URL | SSH banner template - can be a URL or local template. |
| sshd_banner_template_prepend | empty | Content to add before the SSH banner. |
| sshd_banner_template_append | See defaults/main/main.yml | Content to add after the SSH banner. |
| sshd_banner_template_username | empty | Used when sshd_banner_template is a URL. |
| sshd_banner_template_password | empty | Used when sshd_banner_template is a URL. |

🔄 Dependencies

N/A

✏️ Example Playbook

Here's how you can use this role in a playbook:

---
- hosts: all
  vars:
    sshd_trustedusercakeys_content: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/public_key') }}"
    sshd_principals_default:
      admin:
        - adm

  roles:
    - claranet.sshd

Customize SSHd Configuration

To customize the SSHd configuration, you can specify it like this:

sshd_config:
  HostKeyAlgorithms:
    - ssh-dss
    - ssh-rsa

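This will appear in the config file as HostKeyAlgorithms ssh-dss,ssh-rsa. The two values only illustrate the list format: ssh-dss and ssh-rsa are legacy algorithms that current OpenSSH releases no longer enable by default, so list the algorithms your own policy allows.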

Remove a Key from Default Configuration

To remove a key from the default settings, set its value to null:

sshd_config:
  CASignatureAlgorithm: null
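
The following is an added example, not code from the role: a small Python model of the two behaviours described above (lists rendered comma-separated, null removing a default key), plus a pre-deployment check that flags legacy entries in HostKeyAlgorithms. The sample defaults are constructed, and the model assumes overrides simply replace defaults (it does not reproduce sshd_config_list_merge).

```python
# Added example: models the merge/render behaviour the README describes.
# Not the role's template. SAMPLE_DEFAULTS is constructed, not the role's defaults.
LEGACY = {
    "ssh-dss": "DSA keys, disabled by default since OpenSSH 7.0",
    "ssh-rsa": "RSA with SHA-1 signatures, disabled by default since OpenSSH 8.8",
}
ALGORITHM_KEYS = ("HostKeyAlgorithms",)

SAMPLE_DEFAULTS = {"CASignatureAlgorithm": "ssh-ed25519", "PermitRootLogin": "no"}
SAMPLE_OVERRIDES = {
    "HostKeyAlgorithms": ["ssh-dss", "ssh-rsa"],  # values from the README example
    "CASignatureAlgorithm": None,                 # YAML null: drop the default
}


def merge(defaults, overrides):
    """Overrides win; a value of None (YAML null) removes the key entirely."""
    merged = {**defaults, **overrides}
    return {k: v for k, v in merged.items() if v is not None}


def render(config):
    """One 'Key value' line per option; list values are joined with commas."""
    lines = []
    for key, value in config.items():
        if isinstance(value, (list, tuple)):
            value = ",".join(str(v) for v in value)
        lines.append(f"{key} {value}")
    return lines


def audit(config):
    """Return (option, algorithm, reason) for each legacy algorithm found."""
    findings = []
    for key in ALGORITHM_KEYS:
        value = config.get(key)
        if value is None:
            continue
        items = value if isinstance(value, (list, tuple)) else str(value).split(",")
        for alg in (str(i).strip() for i in items):
            if alg in LEGACY:
                findings.append((key, alg, LEGACY[alg]))
    return findings


if __name__ == "__main__":
    effective = merge(SAMPLE_DEFAULTS, SAMPLE_OVERRIDES)
    print("\n".join(render(effective)))
    for option, alg, reason in audit(effective):
        print(f"WARN {option}: {alg} ({reason})")
```

Running the check against the variables before applying the role catches a weak list before it is rendered into /etc/ssh/sshd_config.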

🔒 Hardening

😻 Contributing

©️ License

This project uses the Mozilla Public License Version 2.0.
