l3d.sshd

OpenSSH Server

Ansible role to set up the OpenSSH Server (SSHD). The main purpose of this role is to manage the sshd.conf file and to install the specified SSH host keys in the right place.

Pro Tip

Use elliptic curve cryptography for your SSH keys:

ssh-keygen -t ed25519

The default settings of this role will only allow ed25519 keys, but you can change that if desired.

Intended Use

This role manages Linux hosts by focusing on configuring the SSH daemon (sshd). It specifies which users can connect via SSH and which types of SSH keys they are allowed to use. Other roles can handle tasks like distributing SSH public keys, creating users, configuring sudo permissions, rolling out dotfiles, and installing useful packages.

Suggested Roles for Managing Your Linux Host:

Good to Know

The listed roles share variables to create accounts, admins, etc. Make sure to run the roles in the correct order. For example, you can't deploy an SSH public key for a user who hasn't been created yet.

Some Variables Explained

Note: Check defaults/main.yml for all possible variables.

  • SSH Port
    The OpenSSH port is set with sshd__port: 22. Change it if needed.

  • Allowed Users and Groups
    Default users allowed to log in come from the users: {} list. The same users: {} variable is used in other recommended SSH roles.
    Here's an example to allow the login for users/groups named l3d and ottojo:

    users:
      l3d:
        - l3d
      ottojo:
        - ottojo@uni
        - ottojo@home
    
  • SSH Login via Password
    SSH password authentication is disabled by sshd__password_authentication: false, meaning you can't use a password to log in via SSH.

  • Manage SSH Key Types
    By default, this role configures which SSH key types are allowed for login. If you don't want to restrict that, change the default value of the variable, sshd__manage_key_types: true.

  • Define Allowed SSH Key Types
    The allowed SSH key types are specified in this list. Some types are commented out. By default, only ed25519 keys are allowed, so keep that in mind if you plan to use RSA keys.

    sshd__key_types:
    - 'ed25519'
    # - 'rsa'
    # - 'ecdsa'
    # - 'dsa' # (not recommended!)
    
  • Advanced SSH Algorithm Settings
    You can also define the Key and Kex algorithms here. For default values and examples for sshd__key_algorithmus and sshd__kex_algorithmus, look into defaults/main.yml. You can disable this by setting sshd__manage_key_algorithmus and sshd__manage_kex_algorithmus to false.

  • Force New SSH Features
    If you know you're using SSH version >8, you can state that by setting the sshd__version_is_above_eight variable to true or false.
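
As an added example (not part of this role or its README), the shell function below checks the effective configuration printed by sshd -T against the settings described above: the configured port, disabled password authentication, and ed25519-only keys. It assumes the key-type restriction shows up in the pubkeyacceptedalgorithms line (pubkeyacceptedkeytypes on older OpenSSH releases); audit_sshd and the two sample inputs are names and data constructed for this example.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output against the policy described above.
# Assumption: the role's key-type restriction appears in the effective
# pubkeyacceptedalgorithms line (pubkeyacceptedkeytypes on older OpenSSH).

# audit_sshd PORT KEYTYPE  (reads `sshd -T` output on stdin)
# Prints one FAIL line per deviation; returns non-zero if any were found.
audit_sshd() {
    awk -v port="$1" -v kt="$2" '
        function bad(msg) { print "FAIL: " msg; rc = 1 }
        $1 == "port" {
            seen_port = 1
            if ($2 != port) bad("port is " $2 ", expected " port)
        }
        $1 == "passwordauthentication" {
            seen_pw = 1
            if ($2 != "no") bad("password authentication is enabled")
        }
        $1 == "pubkeyacceptedalgorithms" || $1 == "pubkeyacceptedkeytypes" {
            seen_keys = 1
            n = split($2, alg, ",")
            for (i = 1; i <= n; i++)
                if (index(alg[i], kt) == 0) bad("key algorithm outside policy: " alg[i])
        }
        END {
            # A missing line means the check could not be made, so fail closed.
            if (!seen_port) bad("no port line in input")
            if (!seen_pw)   bad("no passwordauthentication line in input")
            if (!seen_keys) bad("no public key algorithm line in input")
            exit rc + 0
        }'
}

# Constructed sample inputs (not captured from a real host).
sample_hardened() {
    printf '%s\n' 'port 22' 'passwordauthentication no' \
        'pubkeyacceptedalgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com'
}
sample_weak() {
    printf '%s\n' 'port 2222' 'passwordauthentication yes' \
        'pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512'
}

sample_hardened | audit_sshd 22 ed25519 && echo "hardened sample: OK"
sample_weak | audit_sshd 22 ed25519 || echo "weak sample: deviations found"
# On a managed host, as root: sshd -T | audit_sshd 22 ed25519
```

Pass the values you set for sshd__port and sshd__key_types as the two arguments.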

Files

The main task of this role is to set up the sshd.conf file.

References

Testing

This role is tested with various linting tests. Unfortunately, I don't know how to run this role in a docker container because systemd is involved. If you have suggestions for improving testing, please send me a message, open an issue, or make a Pull Request. You can learn more about our tests in the GitHub marketplace.

Test (GitHub Marketplace action):

  • Galaxy release: publish-ansible-role-to-galaxy
  • Yamllint GitHub Actions: yamllint-github-action
  • Ansible Lint Check: ansible-lint action

About the project

Manage your SSH Server - and deploy a good sshd configuration

Install
ansible-galaxy install l3d.sshd
License
mit
Downloads
60.2k
Owner
Ansible roles provide a framework for fully independent, or interdependent collections of variables, tasks, files, templates & modules. Here we maintain some. Enjoy.