ansible_role_sshd/defaults/main.yml

---
# default users for SSH access
sshd_default_allowed_users:
  - "root"
  - "ansible"

# don't forget to add the ssh_access group!
sshd_default_allowed_groups:
  - "root"
  - "admins"


# Enable AllowUsers and AllowGroups options
restrict_allow_users: True

# Require ed25519 key
only_allow_ed25519: true 

# Allow login with password?
sshd_password_authentication: 'no' # 'yes' or 'no'

# Allow optional cryptho methods (NOT RECOMENDED)
generate_ecdsa_too: false
use_diffie-hellman-group-exchange-sha256: false
use_aes256-ctr: false
use_hmac-sha2-512: false
Optionally disable Allow[Users,Groups] options 2018-08-26 17:25:12 +02:00			`---`
allow dynamic user configuration 2019-03-27 14:23:41 +01:00			`# default users for SSH access`
			`sshd_default_allowed_users:`
			`- "root"`
			`- "ansible"`

Add ssh group variable 2019-03-27 15:16:55 +01:00			`# don't forget to add the ssh_access group!`
			`sshd_default_allowed_groups:`
			`- "root"`
			`- "admins"`


Optionally disable Allow[Users,Groups] options 2018-08-26 17:25:12 +02:00			`# Enable AllowUsers and AllowGroups options`
			`restrict_allow_users: True`
add option to enable password based auth 2019-04-08 19:34:58 +02:00
Make sure ssh is more secure and more customizable 2019-04-09 22:03:00 +02:00			`# Require ed25519 key`
			`only_allow_ed25519: true`

add option to enable password based auth 2019-04-08 19:34:58 +02:00			`# Allow login with password?`
change boolean to string 2019-04-08 19:37:59 +02:00			`sshd_password_authentication: 'no' # 'yes' or 'no'`
Make sure ssh is more secure and more customizable 2019-04-09 22:03:00 +02:00
			`# Allow optional cryptho methods (NOT RECOMENDED)`
			`generate_ecdsa_too: false`
			`use_diffie-hellman-group-exchange-sha256: false`
Improve SSHD config 2019-04-09 22:13:59 +02:00			`use_aes256-ctr: false`
			`use_hmac-sha2-512: false`