Mirror of https://github.com/roles-ansible/ansible_role_sshd.git, synced 2024-08-16 11:59:49 +02:00
Ansible role to configure and secure sshd and optionally add a whitelist for users, groups and SSH keys.
OpenSSH Server
Ansible role to configure the OpenSSH ssh server.
Use elliptic curve cryptography for your SSH keys, e.g.:
ssh-keygen -t ed25519
Combinations
It is highly recommended to use this role together with a role to manage users and to manage the sshd configuration.
The following roles are tested in combination and work well - at least for the user DO1JLR:
- github.com/chaos-bodensee/role-manage_users
- github.com/chaos-bodensee/role-ssh_authorized_keys
- github.com/chaos-bodensee/role_sshd (this one)
Some variables explained
Remember: Have a look into defaults/main.yml for all possible variables.
Important part:
Define the users (and optionally their SSH keys) for the sshd config template:
users:
  l3d:
    - l3d
  ottojo:
    - ottojo@uni
    - ottojo@home
-> This means l3d and ottojo are able to log in.
Files
sshd.conf
:
References
Don't forget:
- This role will not deploy or touch any SSH public keys. There are other roles to do that.
- Be careful if you don't have an elliptic curve ed25519 key. only_allow_ed25519: true is the default option.
- If you really have to deal with RSA keys or similar, you should think about a backup ed25519 SSH key. Better a backup than being locked out!
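A pre-flight check for the lockout risk described above, to run before applying the role with only_allow_ed25519: true. This is an added example, not part of the role. The function names, the BASE/USER/.ssh/authorized_keys layout and the rule that only plain ssh-ed25519 keys count are assumptions, and the sample keys are constructed placeholders.

```shell
#!/bin/sh
# Pre-flight check: which allowed users have no ed25519 key in authorized_keys?

# key_types FILE: print the key type of each key line in an authorized_keys file.
key_types() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        {
            # A line may start with options (from="...",no-pty). The key type is
            # the field directly before the base64 blob, which starts with AAAA.
            for (i = 1; i < NF; i++)
                if ($(i + 1) ~ /^AAAA/ && $i ~ /^(ssh|ecdsa|sk)-/) { print $i; break }
        }' "$1"
}

# locked_out_users BASE USER...: print each user whose
# BASE/USER/.ssh/authorized_keys is missing or holds no ssh-ed25519 key.
# Assumption: the BASE/USER/.ssh layout; adjust to where your keys are deployed.
locked_out_users() {
    base=$1; shift
    for user in "$@"; do
        file="$base/$user/.ssh/authorized_keys"
        if [ ! -r "$file" ] || ! key_types "$file" | grep -qx 'ssh-ed25519'; then
            echo "$user"
        fi
    done
}

# Constructed sample data: key blobs are fake placeholders, not real keys.
demo=$(mktemp -d)
mkdir -p "$demo/l3d/.ssh" "$demo/ottojo/.ssh"
cat > "$demo/l3d/.ssh/authorized_keys" <<'EOF'
# laptop key, restricted by source address
from="192.0.2.0/24",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAconstructed l3d
EOF
cat > "$demo/ottojo/.ssh/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed ottojo@uni
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAcommentedout ottojo@home
EOF

echo "would be locked out: $(locked_out_users "$demo" l3d ottojo)"
```

On a real host, pass the directory that holds the home directories as BASE and the names from the users: allow-list as arguments.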