mirror of
https://github.com/roles-ansible/ansible_role_sshd.git
synced 2024-08-16 11:59:49 +02:00
Ansible role to configure and secure sshd and optional add a whitelist for users, groups and ssh keys.
| .github | ||
| defaults | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| vars | ||
| LICENCE | ||
| README.md | ||
OpenSSH Server
Ansible role to configure the OpenSSH ssh server.
Use Eliptic cureve cryptografie for your ssh keys e.g.:
ssh-keygen -t ed25519
combinations
It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.
The following roles are tested in combination and work well - at least for the user DO1JLR:
- github.com/chaos-bodensee/role-manage_users
- github.com/chaos-bodensee/role-ssh_authorized_keys
- github.com/chaos-bodensee/role_sshd (this one)
Some Variables explained
Remember: Have a look into defaults/main.yml for all possible variables.
Important part:
Define the users (and optional their ssh keys) for the ssh config template:
users:
l3d:
- l3d
ottojo:
- ottojo@uni
- ottojo@home
-> This means l3d and ottojo are able to login.
Files
sshd.conf:
References
Don't forget:
- This role will not deploy or touch any ssh public keys. There are other roles to do that.
- Be carefull if you don't have a eliptic curve ed25519 key.
only_allow_ed25519: trueis the default option.- If you really have to deal with RSA Keys or simmilar, you should think about a backup ed25519 ssh key. Better a backup than beeing locked out!