{"id":13753814,"url":"https://github.com/vitalk/ansible-secure-ssh","last_synced_at":"2025-03-16T17:37:00.836Z","repository":{"id":15276573,"uuid":"18005944","full_name":"vitalk/ansible-secure-ssh","owner":"vitalk","description":"The ansible playbook to improve the security of your SSH","archived":false,"fork":false,"pushed_at":"2020-12-05T02:20:30.000Z","size":22,"stargazers_count":97,"open_issues_count":2,"forks_count":31,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-08-04T09:05:53.650Z","etag":null,"topics":["ansible","security","sensible-defaults","ssh"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/vitalk/secure-ssh","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vitalk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-03-22T09:17:07.000Z","updated_at":"2024-07-14T03:51:21.000Z","dependencies_parsed_at":"2022-07-20T21:32:13.250Z","dependency_job_id":null,"html_url":"https://github.com/vitalk/ansible-secure-ssh","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vitalk%2Fansible-secure-ssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vitalk%2Fansible-secure-ssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vitalk%2Fansible-secure-ssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vitalk%2Fansible-secure-ssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vitalk","download_url":"https://codeload.github.com/vitalk/a
nsible-secure-ssh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219861711,"owners_count":16555988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","security","sensible-defaults","ssh"],"created_at":"2024-08-03T09:01:30.172Z","updated_at":"2024-10-11T10:14:03.235Z","avatar_url":"https://github.com/vitalk.png","language":null,"readme":"Secure SSH\n==========\n\nThis document describes some simple steps that improve the security of your SSH\ninstallation. These steps include:\n\n* Disable empty password login. An empty password is a **very bad** idea.\n\n* Disable remote root login. The preferred way to gain root permissions is to use\n  the `su` or `sudo` command.\n\n* Add your identity key to `~/.ssh/authorized_keys` on the remote host for\n  passwordless login.\n\n* Disable password login (done only if the previous step is successful).\n\n* Enable [PAM](http://en.wikipedia.org/wiki/Pluggable_authentication_modules).\n\nRole Variables\n--------------\n\nThe desired behavior can be refined via variables.\n\nOption | Description\n--- | ---\n`sshd` | Name of the ssh daemon, default is `ssh`.\n`sshd_config` | Path to the ssh daemon config, default is `/etc/ssh/sshd_config`.\n`ssh_identity_key` | Path to your identity key. Added to `~/.ssh/authorized_keys` on the remote host if both `ssh_identity_key` and `ssh_user` are defined. Default is `undefined`.\n`ssh_user` | Username on the remote host whose authorized keys will be modified. Used only if `ssh_identity_key` is defined. 
Default is `undefined`.\n\nFor example, you can override the default variables by passing them as parameters to\nthe role like so:\n\n```yaml\nroles:\n    - { role: ., ssh_user: vital, ssh_identity_key: /home/vital/.ssh/id_rsa.pub }\n```\n\nOr send them via the command line:\n\n```bash\nansible-playbook test.yml --extra-vars \"sshd_config=/etc/sshd_config\"\n```\n\nExample Playbook\n----------------\n\nThe example below uses `sudo` to run the playbook on your localhost via a local\nconnection.\n\n```bash\nansible-playbook test.yml \\\n    -i hosts.example \\\n    -c local \\\n    -s --ask-sudo-pass\n```\n\n```yaml\n# file: test.yml\n- hosts: local\n  roles:\n    - { role: ., sshd: ssh, sshd_config: /etc/sshd_config }\n```\n\nLicense\n-------\n\nLicensed under the [MIT license](http://mit-license.org/vitalk).\n\nAuthor Information\n------------------\n\nCreated by Vital Kudzelka.\n\nDon't hesitate to create [a GitHub Issue](https://github.com/vitalk/ansible-secure-ssh/issues) if you have any bugs or suggestions.\n","funding_links":[],"categories":["ssh"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvitalk%2Fansible-secure-ssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvitalk%2Fansible-secure-ssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvitalk%2Fansible-secure-ssh/lists"}