https://github.com/stephrobert/ansible-role-sshd
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/stephrobert/ansible-role-sshd
- Owner: stephrobert
- Created: 2023-12-15T14:13:39.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-16T15:18:33.000Z (over 1 year ago)
- Last Synced: 2025-10-09T07:07:49.444Z (8 months ago)
- Language: Jinja
- Size: 1.15 MB
- Stars: 2
- Watchers: 1
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# stephrobert.sshd
⭐ Star us on GitHub — it motivates us a lot!
Install sshd
**Platforms Supported**:
| Platform | Versions |
|----------|----------|
| Debian | bullseye |
| Ubuntu | jammy |
## ⚠️ Requirements
Ansible >= 2.11.
### Ansible role dependencies
None.
## ⚡ Installation
### Install with Ansible Galaxy
```shell
ansible-galaxy install stephrobert.sshd
```
### Install with git
If you do not want a global installation, clone it into your `roles_path`.
```bash
git clone git@github.com:stephrobert/ansible-role-sshd.git stephrobert.sshd
```
But I often add it as a submodule in a given `playbook_dir` repository.
```bash
git submodule add git@github.com:stephrobert/ansible-role-sshd.git roles/stephrobert.sshd
```
As the role is not managed by Ansible Galaxy, you do not have to specify the
GitHub user account.
### ✏️ Example Playbook
Basic usage is:
```yaml
- hosts: all
  roles:
    - role: stephrobert.sshd
      vars:
        sshd_config: {}
```
## ⚙️ Role Variables
Variables are divided into three types.
The **default vars** section shows which variables you may
override in your Ansible inventory. All variables should
be defined there for explicitness, ease of documentation, and overall
role manageability.
The **context variables** shown in the section below hint at
how runtime context may affect role execution.
### Default variables
Role default variables from `defaults/main.yml`.
| Variable Name | Value |
|---------------|-------|
| sshd_config | {} |
### Context variables
Those variables from `vars/*.{yml,json}` are loaded dynamically during task
runtime using the `include_vars` module.
Variables loaded from `vars/main.yml`.
```yaml
_sshd_config:
  AcceptEnv: LANG LC_*
  AddressFamily: any
  AllowAgentForwarding: false
  AllowTcpForwarding: false
  AllowUsers: ansible
  AuthorizedKeysCommand: none
  AuthorizedKeysCommandUser: nobody
  AuthorizedKeysFile: .ssh/authorized_keys
  AuthorizedPrincipalsFile: none
  Banner: /etc/issue.net
  ChrootDirectory: none
  ClientAliveCountMax: 2
  ClientAliveInterval: 300
  Compression: false
  ForceCommand: none
  GSSAPIAuthentication: false
  GSSAPICleanupCredentials: true
  GatewayPorts: false
  HostKey: /etc/ssh/ssh_host_rsa_key
  HostbasedAuthentication: false
  IgnoreRhosts: true
  IgnoreUserKnownHosts: false
  KbdInteractiveAuthentication: true
  KerberosAuthentication: false
  KerberosGetAFSToken: false
  KerberosOrLocalPasswd: true
  KerberosTicketCleanup: true
  ListenAddress: 0.0.0.0
  LogLevel: INFO
  LoginGraceTime: 60
  MaxAuthTries: 3
  MaxSessions: 2
  MaxStartups: 10:30:100
  PasswordAuthentication: false
  PermitEmptyPasswords: false
  PermitRootLogin: false
  PermitTTY: true
  PermitTunnel: false
  PermitUserEnvironment: false
  PidFile: /var/run/sshd.pid
  Port: 22
  PrintLastLog: true
  PrintMotd: true
  PubkeyAuthentication: true
  RekeyLimit: default 60s
  StrictModes: true
  Subsystem: sftp /usr/lib/openssh/sftp-server
  SyslogFacility: AUTH
  TCPKeepAlive: false
  UseDNS: false
  UsePAM: false
  VersionAddendum: none
  X11DisplayOffset: 10
  X11Forwarding: false
  X11UseLocalhost: true
```
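One way to check that a host still matches this baseline after the role has run, as an added example that is not part of the role: the script compares `sshd -T` style output with a subset of the `_sshd_config` values listed above. The function names and the sample output are constructed for illustration.

```python
# Subset of the `_sshd_config` values listed above, written the way
# `sshd -T` prints them: lowercase keywords, booleans as yes/no.
BASELINE = {
    "permitrootlogin": "no", "passwordauthentication": "no",
    "permitemptypasswords": "no", "pubkeyauthentication": "yes",
    "allowtcpforwarding": "no", "allowagentforwarding": "no",
    "x11forwarding": "no", "maxauthtries": "3", "maxsessions": "2",
    "logingracetime": "60", "clientaliveinterval": "300",
    "clientalivecountmax": "2", "allowusers": "ansible",
}

def parse_effective(text):
    """Parse `sshd -T` style output: one 'keyword value' pair per line."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip() if len(parts) > 1 else ""
        # Keywords such as allowusers can repeat; keep every value in order.
        settings.setdefault(parts[0].lower(), []).append(value)
    return settings

def drift(text, baseline=BASELINE):
    """Return {keyword: (expected, actual)} for differing or missing settings."""
    effective = parse_effective(text)
    findings = {}
    for key, expected in baseline.items():
        values = effective.get(key)
        actual = " ".join(values) if values else None
        if actual != expected:
            findings[key] = (expected, actual)
    return findings

# Constructed sample (not captured from a real host): X11Forwarding and
# MaxAuthTries have drifted and no AllowUsers line is present.
SAMPLE = "\n".join([
    "permitrootlogin no", "passwordauthentication no",
    "permitemptypasswords no", "pubkeyauthentication yes",
    "allowtcpforwarding no", "allowagentforwarding no",
    "x11forwarding yes", "maxauthtries 6", "maxsessions 2",
    "logingracetime 60", "clientaliveinterval 300", "clientalivecountmax 2",
])

if __name__ == "__main__":
    # On a managed host, feed in the output of `sshd -T` (run as root) instead.
    for key, (want, got) in drift(SAMPLE).items():
        print(f"{key}: expected {want!r}, effective {got!r}")
```

An empty result means every checked keyword matches the baseline; a missing `allowusers` line is reported with an actual value of `None` because `sshd -T` prints nothing for it when no user restriction is in effect.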
## Author Information
none