https://github.com/claranet/ansible-role-sshd
Install and configure OpenSSH Server
- Host: GitHub
- URL: https://github.com/claranet/ansible-role-sshd
- Owner: claranet
- License: mpl-2.0
- Created: 2022-06-15T15:36:04.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-11-06T15:01:26.000Z (11 months ago)
- Last Synced: 2025-03-28T00:34:34.724Z (7 months ago)
- Topics: ansible, claranet, role, sshd
- Language: Jinja
- Homepage:
- Size: 60.5 KB
- Stars: 0
- Watchers: 11
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# Ansible role - sshd
> :star: Star us on GitHub — it motivates us a lot!

Install and configure SSHd. Manages Certificate Authority.
## :warning: Requirements
Ansible >= 2.10
## :zap: Installation
```bash
ansible-galaxy install claranet.sshd
```

## :gear: Role variables

Variable | Default value | Description
---------|---------------|------------
sshd_trustedusercakeys_content | **empty** | Content of the Trusted User Keys Certificate Authority
sshd_principals | **{}** | Content of [AuthorizedPrincipalsFile](https://man.openbsd.org/sshd_config#AuthorizedPrincipalsFile)
sshd_principals_list_merge | **append** | How `sshd_principals` and `sshd_principals_default` are combined.
sshd_config_template | **sshd_config.j2** | Default template name for /etc/ssh/sshd_config
sshd_config_chmod | **444** | Default mode for /etc/ssh/sshd_config
sshd_config | **{}** | ssh config options
sshd_config_list_merge | **append** | How `sshd_config` and `sshd_default_default` are combined.
sshd_config_list_separated_by_comma | **[]** | sshd_config options whose values are separated by commas
sshd_config_list_separated_by_newline | **[]** | sshd_config options whose values are split across multiple lines
sshd_yes_i_know_what_i_am_doing | **false** | by-pass check AuthorizedPrincipalsFile ends
sshd_config_d_include | **false** | Enable "Include config.d/*"
sshd_banner_template | https://raw.githubusercontent.com/claranet/motd/master/banner | SSH banner template. Can be a URL, a local template or `null`
sshd_banner_template_prepend | **empty** | Prepend raw content to `sshd_banner_template`
sshd_banner_template_append | See [defaults/main/main.yml](defaults/main/main.yml) | Append raw content to `sshd_banner_template`
sshd_banner_template_username | **empty** | Used when `sshd_banner_template` is a URL
sshd_banner_template_password | **empty** | Used when `sshd_banner_template` is a URL

## :arrows_counterclockwise: Dependencies

N/A
## :pencil2: Example Playbook
```yaml
---
- hosts: all
  vars:
    # Public key of the user CA, fetched from HashiCorp Vault
    sshd_trustedusercakeys_content: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/public_key') }}"
    # Certificate principals accepted for each local account
    sshd_principals_default:
      admin:
        - adm
  roles:
    - claranet.sshd
```

### Customize SSHd configuration

```yaml
sshd_config:
  HostKeyAlgorithms:
    - ssh-dss
    - ssh-rsa
```

Will be rendered as `HostKeyAlgorithms ssh-dss,ssh-rsa` in the config file.

### Delete a key from default configuration
To delete a key from the default config, set its value to `null`.

```yaml
sshd_config:
  CASignatureAlgorithm: null
```

## :closed_lock_with_key: [Hardening](HARDENING.md)

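An added example, not code from the role: a small Python model of the two rules above (list values joined with commas, `null` deleting a default key) together with the `append` list merge named in the variables table. The merge behaviour is assumed to follow the `append` and `replace` modes of Ansible's `combine` filter, and `DEFAULTS` is constructed for the demonstration.

```python
def merge(defaults, overrides, list_merge="append"):
    """Combine defaults with user overrides (model, not the role's code).

    append:  an override list is added after the default list.
    replace: an override list replaces the default list.
    A None value (YAML null) removes the key from the result.
    """
    if list_merge not in ("append", "replace"):
        raise ValueError(f"unsupported list_merge: {list_merge!r}")
    merged = dict(defaults)
    for key, value in overrides.items():
        old = merged.get(key)
        if list_merge == "append" and isinstance(old, list) and isinstance(value, list):
            merged[key] = old + value
        else:
            merged[key] = value
    return {k: v for k, v in merged.items() if v is not None}


def render(config):
    """One 'Keyword value' line per option; list values are comma-joined."""
    lines = []
    for key, value in config.items():
        if isinstance(value, list):
            value = ",".join(str(item) for item in value)
        lines.append(f"{key} {value}")
    return "\n".join(lines)


# Constructed defaults for this demonstration, NOT the role's real defaults.
DEFAULTS = {
    "PermitRootLogin": "no",
    "CASignatureAlgorithm": "ssh-ed25519",  # key spelled as in the README
    "KexAlgorithms": ["curve25519-sha256"],
}
OVERRIDES = {
    "HostKeyAlgorithms": ["ssh-dss", "ssh-rsa"],        # README sample values
    "CASignatureAlgorithm": None,                        # README deletion example
    "KexAlgorithms": ["diffie-hellman-group14-sha256"],  # constructed
}

if __name__ == "__main__":
    for mode in ("append", "replace"):
        print(f"# list_merge={mode}")
        print(render(merge(DEFAULTS, OVERRIDES, mode)))
```

In this model, `append` leaves every entry of a default list in the rendered line, so an override list only adds to it; compare the rendered file against the intended algorithm set rather than against the override alone.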
## :heart_eyes_cat: [Contributing](CONTRIBUTING.md)
## :copyright: [License](LICENSE)
[Mozilla Public License Version 2.0](https://www.mozilla.org/en-US/MPL/2.0/)