1
0
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_sshd.git synced 2024-08-16 11:59:49 +02:00
Ansible role to configure and secure sshd and optional add a whitelist for users, groups and ssh keys.
Find a file
2020-09-18 15:43:53 +02:00
.github continue cleanup 2020-03-17 16:39:59 +01:00
defaults create mechanism to get openssh-server version 2020-08-05 15:22:13 +02:00
handlers create mechanism to get openssh-server version 2020-08-05 15:22:13 +02:00
meta improve layout for galaxy 2019-05-15 13:31:20 +02:00
tasks update opnessh server for arch 2020-09-18 15:43:53 +02:00
templates add default value for var 2020-08-05 16:35:44 +02:00
vars update opnessh server for arch 2020-09-18 15:43:53 +02:00
LICENCE Improve LICENCE Text 2019-05-29 11:01:25 +02:00
README.md change variable layout 2020-08-04 15:07:02 +02:00

OpenSSH Server

Ansible role to configure the OpenSSH ssh server. Use Eliptic cureve cryptografie for your ssh keys e.g.:

ssh-keygen -t ed25519

combinations

It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.
The following roles are tested in combination and work well - at least for the user DO1JLR:

Some Variables explained

Remember: Have a look into defaults/main.yml for all possible variables.

Important part:

Define the users (and optional their ssh keys) for the ssh config template:

users:
  l3d:
    - l3d
  ottojo:
   - ottojo@uni
   - ottojo@home

-> This means l3d and ottojo are able to login.

Files

  • sshd.conf:

References

Don't forget:

  • This role will not deploy or touch any ssh public keys. There are other roles to do that.
  • Be carefull if you don't have a eliptic curve ed25519 key. only_allow_ed25519: true is the default option.
    • If you really have to deal with RSA Keys or simmilar, you should think about a backup ed25519 ssh key. Better a backup than beeing locked out!