1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_sshd.git synced 2024-08-16 11:59:49 +02:00
ansible_role_sshd/defaults/main.yml

87 lines
2.1 KiB
YAML
Raw Normal View History

---
2020-03-17 15:25:04 +01:00
sshd:
# set the ssh server port
port: 22
# ssh password authorisatuin (not recomended)
password_authentication: false
# should we disable not selected ssh key types?
manage_key_types: true
# choose ssh server allowed key types
key_types:
- ed25519
# - rsa
# - ecdsa
# - dsa # (do not use!)
2020-03-17 18:47:15 +01:00
key_algorithmus:
- 'ssh-ed25519-cert-v01@openssh.com'
- 'ssh-ed25519'
# - 'ecdsa-sha2-nistp521-cert-v01@openssh.com'
# - 'ecdsa-sha2-nistp384-cert-v01@openssh.com'
# - 'ecdsa-sha2-nistp256-cert-v01@openssh.com'
# - 'rsa-sha2-512-cert-v01@openssh.com'
# - 'rsa-sha2-256-cert-v01@openssh.com'
# - 'ssh-rsa-cert-v01@openssh.com'
# - 'ecdsa-sha2-nistp521'
# - 'ecdsa-sha2-nistp384'
# - 'ecdsa-sha2-nistp256'
# - 'rsa-sha2-512'
# - 'rsa-sha2-256'
# - 'ssh-rsa'
2020-03-17 17:25:08 +01:00
kex_algorithmus:
- 'curve25519-sha256@libssh.org'
- 'diffie-hellman-group-exchange-sha256'
# - 'diffie-hellman-group-exchange-sha1'
# - 'diffie-hellman-group14-sha1'
# - 'diffie-hellman-group1-sha1'
2020-03-17 15:25:04 +01:00
2020-03-17 17:25:08 +01:00
ciphers:
- 'chacha20-poly1305@openssh.com'
- 'aes256-gcm@openssh.com'
# - 'aes256-ctr'
# - 'aes256-cbc'
# - 'aes128-ctr'
# - 'aes128-cbc'
macs:
- 'hmac-sha2-512-etm@openssh.com'
- 'hmac-sha2-256-etm@openssh.com'
# - 'hmac-sha2-512'
# - 'hmac-sha2-256'
# - 'hmac-ripemd160-etm@openssh.com'
# - 'umac-128-etm@openssh.com'
# - 'hmac-sha1'
2020-03-17 15:25:04 +01:00
2020-03-17 17:25:08 +01:00
#
# default users for SSH access
2020-03-17 15:25:04 +01:00
#sshd_default_allowed_users:
# - "root"
# - "ansible"
#
## don't forget to add the ssh_access group!
#sshd_default_allowed_groups:
# - "root"
# - "admins"
##
## Enable AllowUsers and AllowGroups options
#restrict_allow_users: True
#
### Forcing only ed25519 SSH keys
#only_allow_ed25519: true
#
## Allow login with password?
#
### Allow optional cryptho methods (NOT RECOMENDED)
#generate_ecdsa_too: false
#use_diffie_hellman_group_exchange_sha256: false
#u#se_aes256_ctr: false
#u#se_hmac_sha2_512: false
###
#do_not_delete_legacy_ssh_keys: true
# perform simple version check for this role? (true is recomended)
submodules_versioncheck: false