Mirror of https://github.com/roles-ansible/ansible_role_sshd.git (synced 2024-08-16 11:59:49 +02:00)
Ansible role to configure and secure sshd and optionally add a whitelist for users, groups and ssh keys.
OpenSSH Server
Ansible role to configure the OpenSSH ssh server.
Use elliptic curve cryptography for your ssh keys, e.g.:
ssh-keygen -t ed25519
Some Variables explained
Remember: Have a look into defaults/main.yml for all possible variables.
restrict_allow_users: True
With this option you can enable or disable whether a user needs to be in a specially defined group, like wheel, sudo or something else.
The default ssh groups are admins and root.
only_allow_ed25519: true
Force ssh to deny all ssh keys except for elliptic curve ed25519 keys.
sshd_password_authentication: 'no'
Change the string from 'no' to 'yes' if you want to log in with a password (not recommended).
There are some other cryptographic algorithms you could enable...
Important part:
Define the users (and optionally their ssh keys) for the ssh config template:
users:
  l3d:
    - l3d
  ottojo:
    - ottojo@uni
    - ottojo@home
-> This means l3d and ottojo are able to log in.
Files
sshd.conf
:
References
Don't forget:
- This role will not deploy or touch any ssh public keys. There are other roles to do that.
- Be careful if you don't have an elliptic curve ed25519 key. only_allow_ed25519: true is the default option.
- If you really have to deal with RSA keys or similar, you should think about a backup ed25519 ssh key. Better a backup than being locked out!
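A pre-flight check for the lockout risk described above, as an added example that is not part of this role: it reads authorized_keys content for each user in the users variable and flags anyone without an ed25519 key. The key lines are constructed sample data, and treating only plain ssh-ed25519 entries as accepted is an assumption.

```python
import re

# Key type names as they appear in authorized_keys (OpenSSH naming).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}
# A token is a run of non-blank text; double-quoted option values may contain blanks.
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def key_type(line):
    """Return the key type of one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # The type is the first field, or the second when an options field precedes it.
    for token in TOKEN.findall(line)[:2]:
        if token in KEY_TYPES:
            return token
    return None

def lockout_report(users, authorized_keys):
    """Map each user in the role's `users` variable to the key types found.

    Assumption: only plain "ssh-ed25519" entries count as usable once
    only_allow_ed25519 is true; the page does not say how sk- keys are treated.
    """
    report = {}
    for user in users:
        lines = authorized_keys.get(user, "").splitlines()
        types = sorted({t for t in map(key_type, lines) if t})
        report[user] = {"types": types, "safe": "ssh-ed25519" in types}
    return report

# Constructed sample data: the users mapping from the README, invented key lines.
USERS = {"l3d": ["l3d"], "ottojo": ["ottojo@uni", "ottojo@home"]}
SAMPLE_KEYS = {
    "l3d": "# laptop\nssh-ed25519 AAAAC3CONSTRUCTED l3d\n",
    "ottojo": 'command="echo hi there",no-pty ssh-rsa AAAAB3CONSTRUCTED ottojo@uni\n'
              "ecdsa-sha2-nistp256 AAAAE2CONSTRUCTED ottojo@home\n",
}

if __name__ == "__main__":
    for user, result in lockout_report(USERS, SAMPLE_KEYS).items():
        status = "ok" if result["safe"] else "WOULD BE LOCKED OUT"
        print(f"{user}: {', '.join(result['types']) or 'no keys'} -> {status}")
```

Feed it the real file contents of each account before applying the role with only_allow_ed25519: true, and add a backup ed25519 key for every user it flags.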