Temelio.sftp
# sftp
Install sftp package.
## Requirements
This role requires Ansible 2.4 or higher, and platform requirements are listed in the metadata file.
It should work on older Ansible versions, but without guarantee.
## Testing
This role uses Molecule to run tests.
Locally, you can run tests on Docker (default driver) or Vagrant. Travis runs tests using the Docker driver only.
Currently, tests are done on:
- Debian Jessie
- Ubuntu Trusty
- Ubuntu Xenial
- Ubuntu Bionic
and use:
- Ansible 2.4.x
- Ansible 2.5.x
- Ansible 2.6.x
- Ansible 2.7.x
### Running tests
#### Using Docker driver
```
$ tox
```
## Role Variables
### Default role variables
``` yaml
# Path management for SFTP users' home directories
sftp_data_dir_path: '/var/sftp'
sftp_data_dir_mode: '0750'
sftp_data_dir_owner: 'root'
sftp_data_dir_group: "{{ sftp_users_group_name }}"

# SFTP users management
sftp_users_group_name: 'sftp-users'
sftp_users_home_mode: '0750'
sftp_users_skeleton: '/etc/skel'
sftp_users_shell: '/usr/sbin/nologin'
sftp_users: []
```
## SSHd configuration
### Example of SSHd configuration if you use willshersystems.sshd
Use at least the following configuration in your group or host vars files. SSHd configuration is not managed inside the role.
``` yaml
# Serve SFTP from sshd itself, so no external binary is needed inside the chroot
sshd_Subsystem: 'sftp internal-sftp'
sshd_match:
  # sftp_users_group_name comes from this role's default variables
  - Condition: 'Group {{ sftp_users_group_name }}'
    ChrootDirectory: '%h'
    AllowTCPForwarding: False
    X11Forwarding: False
    ForceCommand: 'internal-sftp'
```
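
To confirm that the Match block above really applies to a given account, the following added example (not part of the role or its README) audits `sshd -T` output against those settings. The function names are hypothetical and the two sample outputs are constructed.

```python
import subprocess

# Lower-case keywords as printed by `sshd -T`; values from the Match block above.
EXPECTED = {"forcecommand": "internal-sftp",
            "allowtcpforwarding": "no", "x11forwarding": "no"}

def parse_sshd_t(text):
    """Parse `sshd -T` output (one 'keyword value' pair per line) into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg.setdefault(key.lower(), value.strip())
    return cfg

def audit(text):
    """Return deviations from the SFTP-only settings; an empty list means compliant."""
    cfg = parse_sshd_t(text)
    problems = []
    for key, want in EXPECTED.items():
        got = cfg.get(key, "<unset>")
        if got.lower() != want:
            problems.append(f"{key}: expected {want!r}, got {got!r}")
    # ChrootDirectory defaults to 'none'; any other value means a chroot is applied.
    if cfg.get("chrootdirectory", "none").lower() == "none":
        problems.append("chrootdirectory: no chroot applied")
    return problems

def effective_config(user):
    """Ask the local sshd which settings it would apply to `user` (run as root)."""
    spec = f"user={user},host=localhost,addr=127.0.0.1"
    return subprocess.run(["sshd", "-T", "-C", spec], check=True,
                          capture_output=True, text=True).stdout

# Constructed samples, not captured from a real host.
SAMPLE_SFTP_USER = """chrootdirectory %h
forcecommand internal-sftp
allowtcpforwarding no
x11forwarding no
"""
SAMPLE_OTHER_USER = """chrootdirectory none
forcecommand none
allowtcpforwarding yes
x11forwarding yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE_SFTP_USER), audit(SAMPLE_OTHER_USER))
```

On a managed host, pass `effective_config('my_name')` to `audit()` instead of the samples; a non-empty result for an SFTP account means the Match block is not taking effect for it.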
## SFTP users format
``` yaml
sftp_users:
  - name: 'my_name'
    authorized_keys:
      - 'beautiful_public_key'
    skeleton: '/etc/skels/sftp-users'  # optional
    shell: '/bin/false'                # optional
    state: 'present'                   # optional
```
- `sftp_users_skeleton` is the default skel if not defined in user entry.
- `sftp_users_shell` is the default shell if not defined in user entry.
- `present` is the default user state value.
## Dependencies
No mandatory dependencies, but you can use this role to manage SSHD configuration:
## Example Playbook
``` yaml
- hosts: servers
  roles:
    - { role: Temelio.sftp }
```
## License
MIT
## Author Information
A Chaussier, L Machetel (for Temelio company)
