openssh Server

Ansible Role for installing configuring & as default hardening our openssh_server

Requirements

None

Name	Type	Default value	Purpose	Comment	Role
ansible_user	String	sysop	ansible login/management user
openssh_server_conf	Boolean	"false"	default is OS-config, if true override it with the CxS-config		jammy_openssh_server
openssh_server_port	String	"22"	set openssh-server Port		jammy_openssh_server
openssh_server_permit_root_login	Boolean	"false"	allow root-login over ssh	defaults to no!	jammy_openssh_server
openssh_server_authorized_keys_file	String	"/local/home/%u/.ssh/authorized_keys"	set file(s) which has stored all authorized_keys to login	default to all local homes	jammy_openssh_server
openssh_server_password_authentication	Boolean	true	controls if pwd login is allowed	(for all users)	jammy_openssh_server
openssh_server_agent_forwarding	Boolean	false	controls if agent forwarding is allowed/enabled	defaults to no, security hardening	jammy_openssh_server
openssh_server_tcp_forwarding	Boolean	false	controls if tcp (traffic) forwarding is allowed/enabled	defaults to no, security hardening	jammy_openssh_server
openssh_server_x11_forwarding	Boolean	false	controls if X (gui) forwarding is allowed/enabled	defaults to no, security hardening	jammy_openssh_server
openssh_server_compression	Boolean	false	controls if connection compression is allowed/enabled	defaults to no, security hardening	jammy_openssh_server

None

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
     - { role: jammy_openssh_server, tags: ["jammy", "security", "sec", "openssh_server", "openssh", "ssh"] }

BSD

Maintainer: Niklaus (Niggi) Kappeler

Support-Contact: servicedesk-linux@id.ethz.ch