Ansible Role sshd
This role ensures that sshd is configured.
Note that the role does not make use of /etc/ssh/sshd_config.d/, since not all options can be overwritten (e.g. `Subsystem 'sftp' already defined`).
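The limitation noted above, as an added check that is not part of this role: it lists the Subsystem names that a drop-in file defines even though the main configuration already defines them, which is the situation behind the quoted `Subsystem 'sftp' already defined` message. The file contents and function names are constructed for the example.

```python
# Constructed sample of a main sshd_config (not taken from a real host).
MAIN_CONFIG = """\
Include /etc/ssh/sshd_config.d/*.conf
Port 22
Subsystem sftp /usr/libexec/openssh/sftp-server
"""

# Constructed drop-in that tries to change the sftp command.
DROPIN_CONFIG = """\
# /etc/ssh/sshd_config.d/50-sftp.conf
Subsystem sftp internal-sftp
PasswordAuthentication no
"""


def global_subsystems(config_text):
    """Return {name: command} for Subsystem lines outside any Match block."""
    found = {}
    in_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        if keyword == "match":
            # A Match block runs until the next Match line or end of file.
            in_match = True
            continue
        if keyword == "subsystem" and not in_match and len(parts) >= 3:
            found.setdefault(parts[1], " ".join(parts[2:]))
    return found


def subsystem_conflicts(main_config, dropin_config):
    """Names of subsystems defined globally in both files, sorted."""
    main = global_subsystems(main_config)
    dropin = global_subsystems(dropin_config)
    return sorted(name for name in dropin if name in main)


if __name__ == "__main__":
    for name in subsystem_conflicts(MAIN_CONFIG, DROPIN_CONFIG):
        print(f"Subsystem '{name}' is defined in both files")
```
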
Mandatory Requirements
Install Python 3, and the python3-policycoreutils module (required for the SELinux Ansible tasks). This can be done using the linuxfabrik.lfops.policycoreutils role.
Optional Role Variables
| Variable | Description | Default Value |
|---|---|---|
| `sshd__address_family` | Specifies which address family should be used. Possible options: | |
| `sshd__gssapi_authentication` | Specifies whether user authentication based on GSSAPI is allowed. | |
| `sshd__password_authentication` | Specifies whether password authentication is allowed. | |
| `sshd__permit_root_login` | Specifies whether root can log in using ssh. Possible options: | |
| `sshd__port` | Which port the sshd server should use. | |
| `sshd__raw` | Raw (user-defined) SSH-Config. Will be placed at the end of the | unset |
| `sshd__service_enabled` | Enables or disables the sshd service, analogous to | |
| `sshd__service_state` | Changes the state of the sshd service, analogous to | |
| | Which command should be used for the sftp subsystem. | |
| `sshd__use_dns` | Specifies whether sshd should look up the remote hostname and check that the resolved host name for the remote IP address maps back to the very same IP address. | |

Example:
```yaml
# optional
sshd__address_family: 'inet'
sshd__gssapi_authentication: false
sshd__password_authentication: false
sshd__permit_root_login: 'yes'
sshd__port: 22
# the block scalar body must be indented, otherwise the YAML is invalid
sshd__raw: |-
  Match Group sftpusers
    ChrootDirectory /data
    DisableForwarding yes
    ForceCommand internal-sftp
sshd__service_enabled: true
sshd__service_state: 'started'
sshd__use_dns: false
```