Skip to content
/ Stouts.openssh Public
forked from Stouts/Stouts.openssh

Ansible role which installs and setups OpenSSH (client and server)

License

MIT license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wealthworks/Stouts.openssh

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
vars
vars
 
 
.bumpversion.cfg
.bumpversion.cfg
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
test.yml
test.yml
 
 

Repository files navigation

Stouts.openssh

Build Status Galaxy Tag

Ansible role which installs and setups OpenSSH client and server.

Variables

The role variables and default values.

openssh_enabled: yes          # Enable the role

openssh_client_install: yes   # Install OpenSSH Client
openssh_server_install: yes   # Install OpenSSH Server

openssh_server_vars: {}       # Use this variable for setup server
                              # Ex. openssh_server_vars:
                              #       PasswordAuthentication: no

openssh_client_vars: {}       # Use this variable for setup client
                              # Ex. openssh_client_vars:
                              #       ForwardAgent: yes

openssh_server_defaults:      # Default values. For setup server use 'openssh_server_vars' variable above
  Port: 22
  AllowUsers: []
  AllowGroups: []
  ListenAddress: [ "0.0.0.0", "::"]
  Protocol: 2
  HostKey:
  - /etc/ssh/ssh_host_rsa_key
  - /etc/ssh/ssh_host_dsa_key
  - /etc/ssh/ssh_host_ecdsa_key
  UserPrivilegeSeparation: yes
  KeyRegenerationInterval: 3600
  ServerKeyBits: 768
  SyslogFacility: AUTH
  LogLevel: INFO
  LoginGraceTime: 120
  PermitRootLogin: yes
  StrictModes: yes
  RSAAuthentication: yes
  PubkeyAuthentication: yes
  IgnoreRhost: yes
  RhostsRSAAuthentication: no
  HostbasedAuthentication: no
  IgnoreUserKnownHosts: yes
  PermitEmptyPasswords: no
  ChallengeResponseAuthentication: no
  PasswordAuthentication: yes
  KerberosAuthentication: no
  KerberosGetAFSToken: no
  KerberosOrLocalPasswd: yes
  KerberosTicketCleanup: yes
  GSSAPIAuthentication: no
  GSSAPICleanupCredentials: yes
  X11Forwarding: yes
  X11DisplayOffset: 10
  PrintMotd: no
  PrintLastLog: yes
  TCPKeepAlive: yes
  UseLogin: no
  MaxStartups: "10:30:60"
  Banner: /etc/issue.net
  AcceptEnv: LANG LC_*
  Subsystem: sftp /usr/lib/openssh/sftp-server
  UsePAM: yes
  UseDNS: no

# Client options
openssh_client_defaults:      # Default values. For setup client use 'openssh_client_vars' variable above
  Host: "*"
  ForwardAgent: no
  ForwardX11: no
  ForwardX11Trusted: yes
  RhostsRSAAuthentication: no
  RSAAuthentication: yes
  PasswordAuthentication: yes
  HostbasedAuthentication: no
  GSSAPIAuthentication: no
  GSSAPIDelegateCredentials: no
  GSSAPIKeyExchange: no
  GSSAPITrustDNS: no
  BatchMode: no
  CheckHostIP: yes
  AddressFamily: any
  ConnectTimeout: 0
  StrictHostKeyChecking: ask
  IdentityFile:
  - ~/.ssh/identity
  - ~/.ssh/id_rsa
  - ~/.ssh/id_dsa
  Port: 22
  Protocol: "2,1"
  EscapeChar: "~"
  Tunnel: no
  TunnelDevice: "any:any"
  PermitLocalCommand: no
  VisualHostKey: no
  SendEnv:
  - LANG LC_*
  HashKnownHosts: yes
  GSSAPIAuthentication: yes
  GSSAPIDelegateCredentials: no

*_

Usage

Add Stouts.openssh to your roles and set variables in your playbook file.

Example:

- hosts: all

  roles:
    - Stouts.openssh

  vars:
    openssh_server_vars:
      PasswordAuthentication: no
      PermitRootLogin: no
      X11Forwarding: no

License

Licensed under the MIT License. See the LICENSE file for details.

Feedback, bug-reports, requests, ...

Are welcome!

About

Ansible role which installs and setups OpenSSH (client and server)

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages

  • Makefile 100.0%