{"id":19568794,"url":"https://github.com/buluma/ansible-role-openssh","last_synced_at":"2025-04-27T02:33:06.075Z","repository":{"id":40355903,"uuid":"457678735","full_name":"buluma/ansible-role-openssh","owner":"buluma","description":"Install and configure openssh on your system.","archived":false,"fork":false,"pushed_at":"2024-07-28T08:04:58.000Z","size":139,"stargazers_count":4,"open_issues_count":7,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-04T20:24:41.575Z","etag":null,"topics":["ansible","ansible-role","molecule","openssh","playbook","tox"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/buluma/openssh","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/buluma.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"buluma"}},"created_at":"2022-02-10T07:43:29.000Z","updated_at":"2024-07-28T07:55:46.000Z","dependencies_parsed_at":"2023-12-25T17:50:52.880Z","dependency_job_id":"b9330332-ad86-4a83-8559-d7086925afc8","html_url":"https://github.com/buluma/ansible-role-openssh","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-openssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-openssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-openssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-openssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/buluma","download_url":"https://codeload.github.com/buluma/ansible-role-openssh/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251080744,"owners_count":21533142,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","molecule","openssh","playbook","tox"],"created_at":"2024-11-11T06:06:21.071Z","updated_at":"2025-04-27T02:33:05.215Z","avatar_url":"https://github.com/buluma.png","language":"Jinja","funding_links":["https://github.com/sponsors/buluma"],"categories":[],"sub_categories":[],"readme":"# Ansible role [openssh](https://galaxy.ansible.com/ui/standalone/roles/buluma/openssh/documentation)\n\nInstall and configure openssh on your system.\n\n|GitHub|Version|Issues|Pull Requests|Downloads|\n|------|-------|------|-------------|---------|\n|[![github](https://github.com/buluma/ansible-role-openssh/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-openssh/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-openssh.svg)](https://github.com/buluma/ansible-role-openssh/releases/)|[![Issues](https://img.shields.io/github/issues/buluma/ansible-role-openssh.svg)](https://github.com/buluma/ansible-role-openssh/issues/)|[![PullRequests](https://img.shields.io/github/issues-pr-closed-raw/buluma/ansible-role-openssh.svg)](https://github.com/buluma/ansible-role-openssh/pulls/)|[![Ansible Role](https://img.shields.io/ansible/role/d/buluma/openssh)](https://galaxy.ansible.com/ui/standalone/roles/buluma/openssh/documentation)|\n\n## [Example Playbook](#example-playbook)\n\nThis example is taken from [`molecule/default/converge.yml`](https://github.com/buluma/ansible-role-openssh/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release.\n\n```yaml\n---\n- name: Converge\n  hosts: all\n  become: true\n  gather_facts: true\n\n  roles:\n    - role: buluma.openssh\n      openssh_allow_users:\n        - root\n      openssh_allow_groups:\n        - root\n```\n\nThe machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/buluma/ansible-role-openssh/blob/master/molecule/default/prepare.yml):\n\n```yaml\n---\n- name: Prepare\n  hosts: all\n  become: true\n  gather_facts: false\n\n  roles:\n    - role: buluma.bootstrap\n    - role: buluma.selinux\n```\n\nAlso see a [full explanation and example](https://buluma.github.io/how-to-use-these-roles.html) on how to use these roles.\n\n## [Role Variables](#role-variables)\n\nThe default values for the variables are set in [`defaults/main.yml`](https://github.com/buluma/ansible-role-openssh/blob/master/defaults/main.yml):\n\n```yaml\n---\n# defaults file for openssh\n\n# The tcp port ssh should listen on.\nopenssh_port: 22\n\nopenssh_address_family: any\n\nopenssh_listen_addresses:\n  - \"0.0.0.0\"\n  - \"::\"\n\nopenssh_host_keys:\n  - /etc/ssh/ssh_host_rsa_key\n  - /etc/ssh/ssh_host_ecdsa_key\n  - /etc/ssh/ssh_host_ed25519_key\n\nopenssh_rekey_limit: default none\n\nopenssh_syslog_facility: AUTH\n\nopenssh_loglevel: INFO\n\nopenssh_login_grace_time: 2m\nopenssh_permit_root_login: \"yes\"\nopenssh_strict_modes: \"yes\"\nopenssh_max_auth_tries: 6\nopenssh_max_sessions: 10\n\nopenssh_pub_key_authentication: \"yes\"\n\nopenssh_authorized_key_file: \".ssh/authorized_keys\"\n\nopenssh_authorized_prinicpals_file: none\nopenssh_authorized_keys_command: none\nopenssh_authorized_keys_command_user: nobody\n\nopenssh_host_based_authentication: \"no\"\nopenssh_ignore_user_known_hosts: \"no\"\nopenssh_ignore_rhosts: \"yes\"\n\nopenssh_permit_empty_passwords: \"no\"\nopenssh_password_authentication: \"yes\"\n\nopenssh_challenge_response_authentication: \"no\"\n\nopenssh_gssapi_authentication: \"yes\"\nopenssh_gssapi_cleanup_credentials: \"no\"\nopenssh_gssapi_strict_acceptor_check: \"yes\"\nopenssh_gssapi_key_exchange: \"no\"\nopenssh_gssaip_enable_k5_users: \"no\"\n\nopenssh_use_pam: \"yes\"\n\nopenssh_allow_agent_forwarding: \"yes\"\nopenssh_allow_tcp_forwarding: \"yes\"\nopenssh_gateway_ports: \"no\"\nopenssh_x11_forwarding: \"yes\"\nopenssh_x11_display_offset: 10\nopenssh_x11_use_localhost: \"yes\"\nopenssh_permit_tty: \"yes\"\n\nopenssh_print_motd: \"no\"\n\nopenssh_print_last_log: \"yes\"\nopenssh_tcp_keep_alive: \"yes\"\nopenssh_permit_user_environment: \"no\"\nopenssh_compression: delayed\nopenssh_client_alive_interval: 30\nopenssh_client_alive_count_max: 3\nopenssh_show_patch_level: \"no\"\nopenssh_use_dns: \"no\"\nopenssh_pid_file: /var/run/sshd.pid\nopenssh_max_startups: \"10:30:100\"\nopenssh_permit_tunnel: \"no\"\nopenssh_chroot_directory: none\nopenssh_version_addendum: none\n\nopenssh_banner: none\n\nopenssh_accept_envs:\n  - LANG\n  - LANGUAGE\n  - LC_ADDRESS\n  - LC_ALL\n  - LC_COLLATE\n  - LC_CTYPE\n  - LC_IDENTIFICATION\n  - LC_MEASUREMENT\n  - LC_MESSAGES\n  - LC_MONETARY\n  - LC_NAME\n  - LC_NUMERIC\n  - LC_PAPER\n  - LC_TELEPHONE\n  - LC_TIME\n  - XMODIFIERS\n\nopenssh_subsystem: sftp {{ openssh_sftp_server }}\n\n# Specifies a file containing public keys of certificate authorities that are\n# trusted to sign user certificates for authentication, or none to not use one.\nopenssh_trusted_user_ca_keys: none\n\n# Restrict access to this (space separated list) of users or groups.\n# For example: \"openssh_allow_users: root my_user\"\n# openssh_allow_users:\n#  - root\n\n# For example: \"openssh_allow_groups: wheel my_group\"\n# openssh_allow_groups: wheel\n\n# The key exchange methods that are used to generate per-connection keys\n# openssh_kexalgorithms:\n#   - curve25519-sha256\n#   - curve25519-sha256@libssh.org\n#   - ecdh-sha2-nistp256\n#   - ecdh-sha2-nistp384\n#   - ecdh-sha2-nistp521\n#   - diffie-hellman-group-exchange-sha256\n#   - diffie-hellman-group16-sha512\n#   - diffie-hellman-group18-sha512\n#   - diffie-hellman-group14-sha256\n\n# The public key algorithms accepted for an SSH server to authenticate itself to an SSH client\n# openssh_hostkey_algorithms:\n#   - ecdsa-sha2-nistp256-cert-v01@openssh.com\n#   - ecdsa-sha2-nistp384-cert-v01@openssh.com\n#   - ecdsa-sha2-nistp521-cert-v01@openssh.com\n#   - sk-ecdsa-sha2-nistp256-cert-v01@openssh.com\n#   - ssh-ed25519-cert-v01@openssh.com\n#   - sk-ssh-ed25519-cert-v01@openssh.com\n#   - rsa-sha2-512-cert-v01@openssh.com\n#   - rsa-sha2-256-cert-v01@openssh.com\n#   - ssh-rsa-cert-v01@openssh.com\n#   - ecdsa-sha2-nistp256\n#   - ecdsa-sha2-nistp384\n#   - ecdsa-sha2-nistp521\n#   - sk-ecdsa-sha2-nistp256@openssh.com\n#   - ssh-ed25519\n#   - sk-ssh-ed25519@openssh.com\n#   - rsa-sha2-512\n#   - rsa-sha2-256\n#   - ssh-rsa\n\n# The ciphers to encrypt the connection\n# openssh_ciphers:\n#   - chacha20-poly1305@openssh.com\n#   - aes128-ctr\n#   - aes192-ctr\n#   - aes256-ctr\n#   - aes128-gcm@openssh.com\n#   - aes256-gcm@openssh.com\n\n# The message authentication codes used to detect traffic modification\n# openssh_macs:\n#   - umac-64-etm@openssh.com\n#   - umac-128-etm@openssh.com\n#   - hmac-sha2-256-etm@openssh.com\n#   - hmac-sha2-512-etm@openssh.com\n#   - hmac-sha1-etm@openssh.com\n#   - umac-64@openssh.com\n#   - umac-128@openssh.com\n#   - hmac-sha2-256\n#   - hmac-sha2-512\n#   - hmac-sha1\n# openssh_allow_groups:\n#  - wheel\n```\n\n## [Requirements](#requirements)\n\n- pip packages listed in [requirements.txt](https://github.com/buluma/ansible-role-openssh/blob/master/requirements.txt).\n\n## [State of used roles](#state-of-used-roles)\n\nThe following roles are used to prepare a system. You can prepare your system in another way.\n\n| Requirement | GitHub | Version |\n|-------------|--------|--------|\n|[buluma.bootstrap](https://galaxy.ansible.com/buluma/bootstrap)|[![Ansible Molecule](https://github.com/buluma/ansible-role-bootstrap/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-bootstrap/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-bootstrap.svg)](https://github.com/shadowwalker/ansible-role-bootstrap)|\n|[buluma.selinux](https://galaxy.ansible.com/buluma/selinux)|[![Ansible Molecule](https://github.com/buluma/ansible-role-selinux/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-selinux/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-selinux.svg)](https://github.com/shadowwalker/ansible-role-selinux)|\n\n## [Context](#context)\n\nThis role is a part of many compatible roles. Have a look at [the documentation of these roles](https://buluma.github.io/) for further information.\n\nHere is an overview of related roles:\n\n![dependencies](https://raw.githubusercontent.com/buluma/ansible-role-openssh/png/requirements.png \"Dependencies\")\n\n## [Compatibility](#compatibility)\n\nThis role has been tested on these [container images](https://hub.docker.com/u/buluma):\n\n|container|tags|\n|---------|----|\n|[Alpine](https://hub.docker.com/r/buluma/alpine)|all|\n|[Amazon](https://hub.docker.com/r/buluma/amazonlinux)|Candidate|\n|[EL](https://hub.docker.com/r/buluma/enterpriselinux)|8, 9|\n|[Debian](https://hub.docker.com/r/buluma/debian)|all|\n|[Fedora](https://hub.docker.com/r/buluma/fedora)|all|\n|[opensuse](https://hub.docker.com/r/buluma/opensuse)|all|\n|[Ubuntu](https://hub.docker.com/r/buluma/ubuntu)|focal, jammy, bionic|\n\nThe minimum version of Ansible required is 2.12, tests have been done to:\n\n- The previous version.\n- The current version.\n- The development version.\n\nIf you find issues, please register them in [GitHub](https://github.com/buluma/ansible-role-openssh/issues)\n\n## [Changelog](#changelog)\n\n[Role History](https://github.com/buluma/ansible-role-openssh/blob/master/CHANGELOG.md)\n\n## [License](#license)\n\n[Apache-2.0](https://github.com/buluma/ansible-role-openssh/blob/master/LICENSE)\n\n## [Author Information](#author-information)\n\n[Shadow Walker](https://buluma.github.io/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuluma%2Fansible-role-openssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbuluma%2Fansible-role-openssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuluma%2Fansible-role-openssh/lists"}