sshd

Ansible role - sshd


:star: Star us on GitHub — it motivates us a lot!

Install and configure SSHd. Manages Certificate Authority

:warning: Requirements

Ansible >= 2.10

:zap: Installation

ansible-galaxy install claranet.sshd

:gear: Role variables

| Variable | Default value | Description |
|---|---|---|
| sshd_trustedusercakeys_content | empty | Content of the Trusted User Keys Certificate Authority |
| sshd_principals | {} | Content of AuthorizedPrincipalsFile |
| sshd_principals_list_merge | append | How sshd_principals and sshd_principals_default are combined. |
| sshd_config_template | sshd_config.j2 | Default template name for /etc/ssh/sshd_config |
| sshd_config_chmod | 444 | Default mode for /etc/ssh/sshd_config |
| sshd_config | {} | ssh config options |
| sshd_config_list_merge | append | How sshd_config and sshd_default_default are combined. |
| sshd_config_list_separated_by_comma | [] | sshd_config options whose values are separated by commas |
| sshd_config_list_separated_by_newline | [] | sshd_config options whose values are split across multiple lines |
| sshd_yes_i_know_what_i_am_doing | false | by-pass check AuthorizedPrincipalsFile ends |
| sshd_config_d_include | false | Enable "Include config.d/*" |
| sshd_banner_template | https://raw.githubusercontent.com/claranet/motd/master/banner | SSH banner template. Can be a URL, a local template or null |
| sshd_banner_template_prepend | empty | Prepend raw content to sshd_banner_template |
| sshd_banner_template_append | See defaults/main/main.yml | Append raw content to sshd_banner_template |
| sshd_banner_template_username | empty | Used when sshd_banner_template is a URL |
| sshd_banner_template_password | empty | Used when sshd_banner_template is a URL |

:arrows_counterclockwise: Dependencies

N/A

:pencil2: Example Playbook

---
- hosts: all
  vars:
    sshd_trustedusercakeys_content: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/public_key') }}"
    sshd_principals_default:
      admin:
        - adm

  roles:
    - claranet.sshd

Customize SSHd configuration

sshd_config:
  HostKeyAlgorithms:
    - ssh-dss
    - ssh-rsa

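This is rendered as "HostKeyAlgorithms ssh-dss,ssh-rsa" in the config file. The two algorithms only illustrate the list syntax: ssh-dss and SHA-1 based ssh-rsa are legacy algorithms that current OpenSSH releases disable by default, so list the algorithms your clients actually require.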

Delete a key from default configuration

To delete a key from the default config, set its value to null.

sshd_config:
  CASignatureAlgorithm: null
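
One way to check the result on a host, as an added example that is not part of the role: the Python sketch below audits the output of sshd -T (the effective configuration) for the certificate authority settings this role manages and for legacy HostKeyAlgorithms values. The sample outputs and file paths in it are constructed.

```python
# Signature algorithms disabled by default in current OpenSSH (DSA, RSA with SHA-1).
LEGACY_ALGORITHMS = {
    "ssh-dss", "ssh-rsa",
    "ssh-dss-cert-v01@openssh.com", "ssh-rsa-cert-v01@openssh.com",
}

def parse_effective_config(text):
    """Parse `sshd -T` output (keyword, space, value) into a dict of value lists."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        # Keywords may repeat (hostkey, listenaddress), so keep every value.
        config.setdefault(keyword.lower(), []).append(value.strip())
    return config

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    config = parse_effective_config(text)
    findings = []
    # Certificate logins need a CA public key file and a principals mapping.
    for keyword in ("trustedusercakeys", "authorizedprincipalsfile"):
        values = config.get(keyword, [])
        if not values or values[0] in ("", "none"):
            findings.append(f"{keyword} is not set")
    for value in config.get("hostkeyalgorithms", []):
        legacy = sorted(LEGACY_ALGORITHMS.intersection(value.split(",")))
        if legacy:
            findings.append("hostkeyalgorithms allows legacy algorithms: " + ", ".join(legacy))
    return findings

# Constructed samples of `sshd -T` output; the paths are placeholders.
SAMPLE_WEAK = """\
trustedusercakeys none
authorizedprincipalsfile /etc/ssh/auth_principals/%u
hostkeyalgorithms ssh-dss,ssh-rsa
"""
SAMPLE_OK = """\
trustedusercakeys /etc/ssh/trusted-user-ca-keys.pem
authorizedprincipalsfile /etc/ssh/auth_principals/%u
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEAK):
        print("FINDING:", finding)
```

On a managed host, pass the captured output of sshd -T to audit() instead of the samples.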

:closed_lock_with_key: Hardening

:heart_eyes_cat: Contributing

Mozilla Public License Version 2.0

Owner
Open source projects from and contributed to by Claranet.