ansible_role_sshd/README.md

 OpenSSH Server
==============

Ansible role to configure the OpenSSH `ssh` server.
Use Eliptic cureve cryptografie for your ssh keys e.g.:
```bash
ssh-keygen -t ed25519
```

 combinations
---------------
It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.<br/>
The following roles are tested in combination and work well - at least for the user [DO1JLR](https://github.com/do1jlr):
 - [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git)
 - [github.com/chaos-bodensee/role-ssh_authorized_keys](https://github.com/chaos-bodensee/role-ssh_authorized_keys.git)
 - [github.com/roles-ansible/ansible_role_sshd](https://github.com/roles-ansible/ansible_role_sshd.git) *(this one)*


 Some Variables explained
------------------------------
**Remember:** Have a look into ``defaults/main.yml`` for all possible variables.

+ **SSH Port**
  The OpenSSH Port is defined with the variable ``sshd__port: 22``. Change it if you wish.

+ **Allowed Users and Groups**
  The default users that are allowd to login come from the ``users: {}`` list.
  The same ``users: {}`` variable is used in the other recomended ssh roles.
  A example to allow the login for the users and groups called ``l3d`` and ``ottojo`` are:
```
users:
  l3d:
    - l3d
  ottojo:
   - ottojo@uni
   - ottojo@home
```

+ **SSH Login via Passwort**
  The SSH Passwort auth is set to false via ``sshd__password_authentication: false``. This won't allow you to use your passwort to login via SSH.

+ **Manage SSH Key Types**
  By default this role configure which ssh key types are allowed to login. If you don't want to define that change the ``sshd__manage_key_types: true`` variable.

+ **Define allowed ssh key types**
  The allowed SSH Key Types are defined with this list. Some of them are commented out.
  Please not that by defualt only ``ed25519`` keys are allowed. Keep that in mind if you are using a rsa key.
```
  sshd__key_types:
  - 'ed25519'
  # - 'rsa'
  # - 'ecdsa'
  # - 'dsa' # (do not use!)
```

+ **Advanced SSH Algorithm Settings**
  You can define the used Key and Key Algorithm here to. For the default values and some examples for the variables ``sshd__key_algorithmus`` and ``sshd__kex_algorithmus`` have a look into ``defaults/main.yml``.


+ **force new SSH Features**
  If you know that you use a ssh version ``>8`` you can optionally define it with ``true/false`` with the ``sshd__version_is_above_eight`` variable.

 Files
-----

The main task of this role is to configure the ``sshd.conf`` file.


 References
----------

* [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
Improve documentation 2019-05-15 12:37:25 +02:00			`OpenSSH Server`
Simple and secure openssh server configuration 2018-03-07 03:28:23 +01:00			`==============`

			Ansible role to configure the OpenSSH `ssh` server.
Update README 2018-11-12 21:37:43 +01:00			`Use Eliptic cureve cryptografie for your ssh keys e.g.:`
			```bash
			`ssh-keygen -t ed25519`
			```
Simple and secure openssh server configuration 2018-03-07 03:28:23 +01:00
Expand description in README 2019-11-14 10:36:18 +01:00			`combinations`
			`---------------`
			`It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.<br/>`
			`The following roles are tested in combination and work well - at least for the user [DO1JLR](https://github.com/do1jlr):`
			`- [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git)`
			`- [github.com/chaos-bodensee/role-ssh_authorized_keys](https://github.com/chaos-bodensee/role-ssh_authorized_keys.git)`
improve README 2021-03-13 23:01:11 +01:00			`- [github.com/roles-ansible/ansible_role_sshd](https://github.com/roles-ansible/ansible_role_sshd.git) (this one)`
Expand description in README 2019-11-14 10:36:18 +01:00
Simple and secure openssh server configuration 2018-03-07 03:28:23 +01:00
Improve documentation 2019-05-15 12:37:25 +02:00			`Some Variables explained`
			`------------------------------`
			Remember: Have a look into ``defaults/main.yml`` for all possible variables.
Simple and secure openssh server configuration 2018-03-07 03:28:23 +01:00
improve README 2021-03-13 23:01:11 +01:00			`+ SSH Port`
			The OpenSSH Port is defined with the variable ``sshd__port: 22``. Change it if you wish.
Improve documentation 2019-05-15 12:37:25 +02:00
improve README 2021-03-13 23:01:11 +01:00			`+ Allowed Users and Groups`
			The default users that are allowd to login come from the ``users: {}`` list.
			The same ``users: {}`` variable is used in the other recomended ssh roles.
			A example to allow the login for the users and groups called ``l3d`` and ``ottojo`` are:
			```
Update README 2018-11-12 21:37:43 +01:00			`users:`
			`l3d:`
			`- l3d`
			`ottojo:`
			`- ottojo@uni`
			`- ottojo@home`
			```
improve README 2021-03-13 23:01:11 +01:00
			`+ SSH Login via Passwort`
			The SSH Passwort auth is set to false via ``sshd__password_authentication: false``. This won't allow you to use your passwort to login via SSH.

			`+ Manage SSH Key Types`
			By default this role configure which ssh key types are allowed to login. If you don't want to define that change the ``sshd__manage_key_types: true`` variable.

			`+ Define allowed ssh key types`
			`The allowed SSH Key Types are defined with this list. Some of them are commented out.`
			Please not that by defualt only ``ed25519`` keys are allowed. Keep that in mind if you are using a rsa key.
			```
			`sshd__key_types:`
			`- 'ed25519'`
			`# - 'rsa'`
			`# - 'ecdsa'`
			`# - 'dsa' # (do not use!)`
			```

			`+ Advanced SSH Algorithm Settings`
			You can define the used Key and Key Algorithm here to. For the default values and some examples for the variables ``sshd__key_algorithmus`` and ``sshd__kex_algorithmus`` have a look into ``defaults/main.yml``.
Improve documentation 2019-05-15 12:37:25 +02:00
Simple and secure openssh server configuration 2018-03-07 03:28:23 +01:00
improve README 2021-03-13 23:01:11 +01:00			`+ force new SSH Features`
			If you know that you use a ssh version ``>8`` you can optionally define it with ``true/false`` with the ``sshd__version_is_above_eight`` variable.

Improve documentation 2019-05-15 12:37:25 +02:00			`Files`
Automatically compose allowed users and groups lists 2018-03-16 04:54:02 +01:00			`-----`

improve README 2021-03-13 23:01:11 +01:00			The main task of this role is to configure the ``sshd.conf`` file.
Automatically compose allowed users and groups lists 2018-03-16 04:54:02 +01:00

Improve documentation 2019-05-15 12:37:25 +02:00			`References`
Simple and secure openssh server configuration 2018-03-07 03:28:23 +01:00			`----------`

			`* [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)`