openssh Server

Ansible Role for installing configuring & as default hardening our openssh_server

Requirements

None

Role Variables

Name Type Default value Purpose Comment Role
ansible_user String sysop ansible login/management user
openssh_server_conf Boolean "false" default is OS-config, if true override it with the CxS-config jammy_openssh_server
openssh_server_port String "22" set openssh-server Port jammy_openssh_server
openssh_server_permit_root_login Boolean "false" allow root-login over ssh defaults to no! jammy_openssh_server
openssh_server_authorized_keys_file String "/local/home/%u/.ssh/authorized_keys" set file(s) which has stored all authorized_keys to login default to all local homes jammy_openssh_server
openssh_server_password_authentication Boolean true controls if pwd login is allowed (for all users) jammy_openssh_server
openssh_server_agent_forwarding Boolean false controls if agent forwarding is allowed/enabled defaults to no, security hardening jammy_openssh_server
openssh_server_tcp_forwarding Boolean false controls if tcp (traffic) forwarding is allowed/enabled defaults to no, security hardening jammy_openssh_server
openssh_server_x11_forwarding Boolean false controls if X (gui) forwarding is allowed/enabled defaults to no, security hardening jammy_openssh_server
openssh_server_compression Boolean false controls if connection compression is allowed/enabled defaults to no, security hardening jammy_openssh_server

Dependencies

None

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
     - { role: jammy_openssh_server, tags: ["jammy", "security", "sec", "openssh_server", "openssh", "ssh"] }

License

BSD

Author Information

Maintainer: Niklaus (Niggi) Kappeler

Support-Contact: servicedesk-linux@id.ethz.ch