ansible/ansible_role_sshd
1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_sshd.git synced 2024-08-16 11:59:49 +02:00
Code Issues Releases Activity

Improve SSHD config

Browse source
This commit is contained in:
L3D 2019-04-09 22:13:59 +02:00
parent 97847cc1d4
commit 7b7abebb68
3 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
defaults/main.yml
View file

@ -22,3 +22,5 @@ sshd_password_authentication: 'no' # 'yes' or 'no'
# Allow optional cryptho methods (NOT RECOMENDED)
generate_ecdsa_too: false
use_diffie-hellman-group-exchange-sha256: false
use_aes256-ctr: false
use_hmac-sha2-512: false

2
tasks/main.yml
View file

@ -20,7 +20,7 @@
- name: Copy sshd configuration
become: yes
template:
src: sshd_config
src: sshd_config.j2
dest: '/etc/ssh/sshd_config'
owner: root
group: root

7
templates/sshd_config → templates/sshd_config.j2
View file

@ -1,3 +1,4 @@
# Attention, do not make changes
# {{ ansible_managed }}
@ -57,7 +58,8 @@ endif %}PubkeyAcceptedKeyTypes ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
# aes256-ctr,
# aes192-ctr,
# aes128-ctr
Ciphers chacha20-poly1305@openssh.com
Ciphers chacha20-poly1305@openssh.com{%
if use_aes256-ctr %},aes256-ctr{% endif %}
# Message authentication codes
@ -69,7 +71,8 @@ Ciphers chacha20-poly1305@openssh.com
# hmac-sha2-256,
# hmac-ripemd160,
# umac-128@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com{%
if use_hmac-sha2-512 %},hmac-sha2-512{% endif %}
# Allow client to pass locale environment variables