1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_sshd.git synced 2024-08-16 11:59:49 +02:00

update sshd config

This commit is contained in:
L3D 2020-03-26 14:14:59 +01:00
parent 1ab79c4b78
commit 8a05d7c6fe
No known key found for this signature in database
GPG key ID: 5215C3441797AB2B

View file

@ -1,9 +1,16 @@
# Attention, local changew will be overwritten # Attention, local changew will be overwritten
# MIT (C) L3D # MIT (C) L3D
# {{ ansible_managed }} # {{ ansible_managed }}
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
Include /etc/ssh/sshd_config.d/*.conf
# Networking # Networking
Port {{ sshd.port }} Port {{ sshd.port }}
AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
TCPKeepAlive yes TCPKeepAlive yes
@ -14,12 +21,18 @@ TCPKeepAlive yes
{%- endfor %} {%- endfor %}
# Ciphers: # Ciphers and keying
#RekeyLimit default none
{{ 'Ciphers ' }} {{ 'Ciphers ' }}
{%- for cipher in sshd.ciphers -%} {%- for cipher in sshd.ciphers -%}
{{ cipher }}{{ "," if not loop.last }} {{ cipher }}{{ "," if not loop.last }}
{%- endfor %} {%- endfor %}
# Logging
SyslogFacility AUTH
LogLevel INFO
# Macs # Macs
{{ 'MACs ' }} {{ 'MACs ' }}
@ -27,9 +40,10 @@ TCPKeepAlive yes
{{ mac }}{{ "," if not loop.last }} {{ mac }}{{ "," if not loop.last }}
{%- endfor %} {%- endfor %}
# Server authentication # Server Authentication
Protocol 2 Protocol 2
{% if sshd.manage_key_types | bool -%} {% if sshd.manage_key_types | bool -%}
# host key types # host key types
{% for key in sshd.key_types %} {% for key in sshd.key_types %}
@ -47,6 +61,8 @@ HostKey /etc/ssh/ssh_host_{{ key }}_key
# Client authentication # Client authentication
MaxAuthTries 6
MaxSessions 10
PasswordAuthentication PasswordAuthentication
{%- if sshd.password_authentication | bool -%} {%- if sshd.password_authentication | bool -%}
{{ ' yes' }} {{ ' yes' }}
@ -65,6 +81,31 @@ X11Forwarding
{{ ' no' }} {{ ' no' }}
{% endif %} {% endif %}
AllowTcpForwarding yes
#GatewayPorts no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# If you just want the PAM account and session checks to run without # If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication # PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'. # and ChallengeResponseAuthentication to 'no'.