openssh Server
Ansible Role for installing configuring & as default hardening our openssh_server
Requirements
None
Role Variables
| Name | Type | Default value | Purpose | Comment | Role |
|---|---|---|---|---|---|
| ansible_user | String | sysop | ansible login/management user | ||
| openssh_server_conf | Boolean | "false" | default is OS-config, if true override it with the CxS-config | noble_openssh_server | |
| openssh_server_port | String | "22" | set openssh-server Port | noble_openssh_server | |
| openssh_server_permit_root_login | Boolean | "false" | allow root-login over ssh | defaults to no! | noble_openssh_server |
| openssh_server_authorized_keys_file | String | "/local/home/%u/.ssh/authorized_keys" | set file(s) which has stored all authorized_keys to login | default to all local homes | noble_openssh_server |
| openssh_server_password_authentication | Boolean | true | controls if pwd login is allowed | (for all users) | noble_openssh_server |
| openssh_server_agent_forwarding | Boolean | false | controls if agent forwarding is allowed/enabled | defaults to no, security hardening | noble_openssh_server |
| openssh_server_tcp_forwarding | Boolean | false | controls if tcp (traffic) forwarding is allowed/enabled | defaults to no, security hardening | noble_openssh_server |
| openssh_server_x11_forwarding | Boolean | false | controls if X (gui) forwarding is allowed/enabled | defaults to no, security hardening | noble_openssh_server |
| openssh_server_compression | Boolean | false | controls if connection compression is allowed/enabled | defaults to no, security hardening | noble_openssh_server |
Dependencies
None
Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: noble_openssh_server, tags: ["noble", "security", "sec", "openssh_server", "openssh", "ssh"] }
License
BSD
Author Information
Author: Niklaus (Niggi) Kappeler
Maintainer: ID Product Team Linux servicedesk-linux@id.ethz.ch