robertdebock.openssh
Ansible Role: OpenSSH
This guide will help you install and set up OpenSSH on your system.
| GitHub | GitLab | Downloads | Version |
|---|---|---|---|
 |
 |
 |
 |
Example Playbook
Here is an example playbook extracted from molecule/default/converge.yml, which is tested with every update.
---
- name: Converge
hosts: all
become: true
gather_facts: true
roles:
- role: robertdebock.openssh
openssh_allow_users:
- root
openssh_allow_groups:
- root
To prepare the system, you can use the following YAML file: molecule/default/prepare.yml:
---
- name: Prepare
hosts: all
become: true
gather_facts: false
roles:
- role: robertdebock.bootstrap
- role: robertdebock.selinux
For more detailed instructions, check out this full explanation and example on using these roles.
Role Variables
Default variable values can be found in defaults/main.yml:
---
# Default settings for OpenSSH
openssh_port: 22
openssh_address_family: any
openssh_listen_addresses:
- "0.0.0.0"
- "::"
openssh_host_keys:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
openssh_rekey_limit: default none
openssh_syslog_facility: AUTH
openssh_loglevel: INFO
openssh_login_grace_time: 2m
openssh_permit_root_login: "yes"
openssh_strict_modes: "yes"
openssh_max_auth_tries: 6
openssh_max_sessions: 10
openssh_pub_key_authentication: "yes"
openssh_authorized_key_file: ".ssh/authorized_keys"
openssh_permit_empty_passwords: "no"
openssh_password_authentication: "yes"
openssh_use_pam: "yes"
openssh_allow_agent_forwarding: "yes"
openssh_x11_forwarding: "yes"
openssh_tcp_keep_alive: "yes"
....
Requirements
Make sure to install the Python packages listed in requirements.txt.
State of Used Roles
The following roles prepare your system, but you may use your own method for this:
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
| robertdebock.selinux |  |
 |
Context
This role is part of a collection of compatible roles. For more details, you can view these roles' documentation.
Here’s a diagram of related roles:
Compatibility
This role has been tested with the following container images:
| Container | Tags |
|---|---|
| Alpine | all |
| Amazon | Candidate |
| EL | 9 |
| Debian | all |
| Fedora | all |
| Ubuntu | all |
The minimum required version of Ansible is 2.12, and tests have been performed on the previous and current versions as well as the development version.
If you encounter any problems, please report them on GitHub.
License
This project is licensed under the Apache-2.0.
Author Information
Created by robertdebock.
Feel free to consider sponsoring me.
Install and configure openssh on your system.
ansible-galaxy install robertdebock.openssh