---
# set the ssh port
ssh_port: 22

# default users for SSH access
sshd_default_allowed_users:
  - "root"
  - "ansible"

# don't forget to add the ssh_access group!
sshd_default_allowed_groups:
  - "root"
  - "admins"

# Enable AllowUsers and AllowGroups options
restrict_allow_users: True

# Forcing only ed25519 SSH keys
only_allow_ed25519: true 

# Allow login with password?
sshd_password_authentication: 'no' # 'yes' or 'no'

# Allow optional cryptho methods (NOT RECOMENDED)
generate_ecdsa_too: false
use_diffie_hellman_group_exchange_sha256: false
use_aes256_ctr: false
use_hmac_sha2_512: false

do_not_delete_legacy_ssh_keys: true

# version check for this role?
submodules_versioncheck: true