1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_collection_users.git synced 2024-08-16 10:29:50 +02:00
ansible_collection_users/roles/sshd/defaults/main.yml

97 lines
2.7 KiB
YAML
Raw Normal View History

2024-02-15 02:51:39 +01:00
---
# create users
l3d_users__default_users: []
# - name: 'alice'
# state: 'present'
# shell: '/bin/bash'
# create_home: true
# pubkeys: |
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
# exklusive_pubkeys: true
# password: "$Password_hash"
# admin: true
# admin_commands: 'ALL'
# admin_nopassword: false
# admin_ansible_login: true
2024-02-15 02:51:39 +01:00
# - name: 'bob'
# state: 'present'
# shell: '/bin/zsh'
# admin: false
# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
# exklusive_pubkeys: false
l3d_users__local_users: []
# - name: 'charlie'
# state: 'present'
# admin: false
# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
l3d_users__ssh_login: []
# - name: 'dora'
2024-02-15 03:37:33 +01:00
# state: 'present'
2024-02-15 02:51:39 +01:00
l3d_users__limit_login: true
l3d_users__sshd_port: 22
l3d_users__sshd_password_authentication: false
2024-02-15 03:37:33 +01:00
l3d_users__sshd_permitrootlogin: false
l3d_users__create_ansible: true
l3d_users__ansible_user_state: 'present'
2024-02-15 02:51:39 +01:00
l3d_users__sshd_manage_server_key_types: true
l3d_users__sshd_server_key_types:
2024-02-15 03:37:33 +01:00
- 'ed25519'
# - 'rsa'
# - 'ecdsa'
2024-02-15 02:51:39 +01:00
l3d_users__sshd_manage_key_algorithmus: true
l3d_users__sshd_key_algorithmus:
- 'ssh-ed25519-cert-v01@openssh.com'
- 'ssh-ed25519'
- 'ecdsa-sha2-nistp521-cert-v01@openssh.com'
- 'ecdsa-sha2-nistp384-cert-v01@openssh.com'
- 'ecdsa-sha2-nistp256-cert-v01@openssh.com'
# - 'rsa-sha2-512-cert-v01@openssh.com'
# - 'rsa-sha2-256-cert-v01@openssh.com'
# - 'ssh-rsa-cert-v01@openssh.com'
# - 'ecdsa-sha2-nistp521'
# - 'ecdsa-sha2-nistp384'
# - 'ecdsa-sha2-nistp256'
# - 'rsa-sha2-512'
# - 'rsa-sha2-256'
# - 'ssh-rsa'
l3d_users__sshd_manage_kex_algorithmus: true
l3d_users__sshd_kex_algorithmus:
- 'curve25519-sha256@libssh.org'
- 'diffie-hellman-group-exchange-sha256'
- 'diffie-hellman-group-exchange-sha1'
# - 'diffie-hellman-group14-sha1'
# - 'diffie-hellman-group1-sha1'
l3d_users__sshd_manage_ciphers: true
l3d_users__sshd_ciphers:
- 'chacha20-poly1305@openssh.com'
- 'aes256-gcm@openssh.com'
- 'aes256-ctr'
# - 'aes256-cbc'
# - 'aes128-ctr'
# - 'aes128-cbc'
l3d_users__sshd_manage_macs: true
l3d_users__sshd_macs:
- 'hmac-sha2-512-etm@openssh.com'
- 'hmac-sha2-256-etm@openssh.com'
- 'hmac-sha2-512'
# - 'hmac-sha2-256'
# - 'hmac-ripemd160-etm@openssh.com'
# - 'umac-128-etm@openssh.com'
# - 'hmac-sha1'
l3d_users__sshd_xforwarding: true
# run simple versionscheck
submodules_versioncheck: false