https://github.com/systemli/ansible-role-sshd

Ansible role to install & maintain the OpenSSH Daemon
https://github.com/systemli/ansible-role-sshd

ansible ansible-role openssh-daemon playbook ssh sshd

Last synced: 7 days ago
JSON representation

Ansible role to install & maintain the OpenSSH Daemon

• Host: GitHub
• URL: https://github.com/systemli/ansible-role-sshd
• Owner: systemli
• License: gpl-3.0
• Created: 2015-05-17T11:57:28.000Z (over 9 years ago)
• Default Branch: main
• Last Pushed: 2024-03-28T12:41:42.000Z (8 months ago)
• Last Synced: 2024-03-28T13:56:00.292Z (8 months ago)
• Topics: ansible, ansible-role, openssh-daemon, playbook, ssh, sshd
• Language: Jinja
• Size: 170 KB
• Stars: 9
• Watchers: 8
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
ansible-sshd

============

[![Build Status](https://github.com/systemli/ansible-role-sshd/workflows/Integration/badge.svg?branch=main)](https://github.com/systemli/ansible-role-sshd/actions?query=workflow%3AIntegration)

[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-sshd-blue.svg)](https://galaxy.ansible.com/systemli/sshd/)

Role to install & maintain the OpenSSH Daemon. Supports centralized authorized key management.

Role Variables

--------------

The playbook requires no special configuration, but offers a bunch of options.

Defaults:

    # Set `sshd_port` to a list of ports to listen on.

    sshd_port:

      - 22

    sshd_host_keys:

      - rsa

      - ecdsa

      - ed25519

    # Set `sshd_listen_address` to a list of addresses. Defaults to all

    # IPv4+IPv6 addresses if unset.

    #sshd_listen_address: []

    sshd_syslog_facility: AUTH

    sshd_log_level: INFO

    sshd_login_grace_time: 120

    sshd_permit_root_login: "no"

    sshd_strict_modes: "yes"

    sshd_pubkey_authentication: "yes"

    sshd_authorized_keys_file: "%h/.ssh/authorized_keys"

    sshd_password_authentication: "no"

    sshd_allow_users: []

    sshd_allow_groups: []

    sshd_ignore_rhosts: "yes"

    sshd_hostbased_authentication: "no"

    sshd_permit_empty_passwords: "no"

    sshd_challenge_response_authentication: "no"

    sshd_x11_forwarding: "no"

    sshd_x11_display_offset: 10

    sshd_print_motd: "no"

    sshd_print_last_log: "yes"

    sshd_tcp_keep_alive: "yes"

    sshd_max_startups: "10:30:60"

    sshd_client_alive_interval: 3600

    sshd_client_alive_count_max: 0

    sshd_use_pam: "yes"

    sshd_use_dns: "no"

    sshd_sftp_chroot: "no"

    sshd_sftp_chroot_group: sftponly

    sshd_allow_agent_forwarding: "no"

    # manage authorized keys globally and exclusively

    # when sshd_authorized_keys_file == "/etc/ssh/authorized_keys/%u"

    # sshd_authorized_keys:

    #   - user: username

    #     key: ssh_rsa ...

    #   - user: other_username

    #     key:

    #       - key1

    #       - key2

    #   - user: git

    #     src: /var/opt/gitlab/.ssh/authorized_keys

Download

--------

Download latest release with `ansible-galaxy`

    ansible-galaxy install systemli.sshd

Example Playbook

----------------

    - hosts: servers

      roles:

         - { role: systemli.sshd }

Testing & Development

---------------------

Molecule, Docker, and Github Actions are used for continous testing.

You can easily test the role locally with

    molecule test

This requires Molecule, Vagrant and `python-vagrant` to be installed.

License

-------

GPLv3

Author Information

------------------

https://www.systemli.org