This Ansible role provides numerous security-related SSH configurations for all-round base protection.
Implemented enhancements:
Fixed bugs:
Closed issues:
Implemented enhancements:
This new version introduces many new variables! See the following list for details:
Name | Default Value | Description |
---|---|---|
ssh_banner | false | true to print a banner on login |
ssh_client_hardening | true | false to stop hardening the client |
ssh_client_port | '22' | Specifies the port number to connect on the remote host. |
ssh_compression | false | Specifies whether compression is enabled after the user has authenticated successfully. |
ssh_max_auth_retries | 2 | Specifies the maximum number of authentication attempts permitted per connection. |
ssh_print_debian_banner | false | true to print the Debian-specific banner |
ssh_server_enabled | true | false to disable the opensshd server |
ssh_server_hardening | true | false to stop hardening the server |
ssh_server_match_group | '' | Introduces a conditional block. If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another Match line or the end of the file. |
ssh_server_match_user | '' | Introduces a conditional block. If all of the criteria on the Match line are satisfied, the keywords on the following lines override those set in the global section of the config file, until either another Match line or the end of the file. |
ssh_server_permit_environment_vars | false | true to specify that ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are processed by sshd |
ssh_use_dns | false | Specifies whether sshd should look up the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. |
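The following added example (not part of the role or its changelog) audits an `sshd_config` against the defaults listed in the table, checking the global section and each Match block separately because Match keywords override the global values. The mapping from role variables to sshd keywords and the sample configuration are assumptions constructed for illustration.

```python
# Added example, not the role's code. The role-variable -> sshd keyword mapping
# below is an assumption based on the descriptions in the table.
EXPECTED = {
    "maxauthtries": ("ssh_max_auth_retries", "2"),
    "compression": ("ssh_compression", "no"),
    "usedns": ("ssh_use_dns", "no"),
    "permituserenvironment": ("ssh_server_permit_environment_vars", "no"),
}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# global section
MaxAuthTries 2
Compression no
UseDNS yes
Match Group deploy
    MaxAuthTries 6
"""

def parse_sshd_config(text):
    """Split a config into global settings and a list of (criteria, settings)."""
    global_settings, match_blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "match":  # everything after this line belongs to the block
            current = {}
            match_blocks.append((value, current))
            continue
        target = global_settings if current is None else current
        target.setdefault(keyword, value)  # first occurrence wins, as in sshd
    return global_settings, match_blocks

def audit(text):
    """Return (scope, keyword, found, expected, role_variable) per deviation."""
    global_settings, match_blocks = parse_sshd_config(text)
    findings = []
    for keyword, (variable, expected) in EXPECTED.items():
        found = global_settings.get(keyword)  # None: sshd's built-in default applies
        if found is None or found.lower() != expected:
            findings.append(("global", keyword, found, expected, variable))
    for criteria, settings in match_blocks:
        for keyword, found in settings.items():
            if keyword in EXPECTED and found.lower() != EXPECTED[keyword][1]:
                variable, expected = EXPECTED[keyword]
                findings.append(("Match " + criteria, keyword, found, expected, variable))
    return findings
```

Calling `audit(SAMPLE)` reports the global `UseDNS yes`, the unset `PermitUserEnvironment`, and the `MaxAuthTries 6` override inside the Match block.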
Merged pull requests:
Implemented enhancements:
Fixed bugs:
create ssh_config and set permissions to root/644 step repeated #104
Merged pull requests:
remove support for ansible 1.9 #87 (rndmh3ro)
Change the ssh_client_ports list variable into a simple non-list variable named ssh_client_port. #84 (fullyint)
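```jinja
{# before: one Port line per entry in the ssh_client_ports list #}
{% for port in ssh_client_ports -%}
Port {{port}}
{% endfor %}
{# after: a single Port line from ssh_client_port #}
Port {{ ssh_client_port }}
```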
Fix ssh config to handle custom options per Host #83 (fullyint)
```yaml
# --- before ---
# one or more hosts, to which ssh-client can connect. Default is empty, but should be configured for security reasons!
ssh_remote_hosts: [] # ssh
# --- after ---
# Hosts with custom options. # ssh
# Example:
# ssh_remote_hosts:
#   - names: ['example.com', 'example2.com']
#     options: ['Port 2222', 'ForwardAgent yes']
#   - names: ['example3.com']
#     options: ['StrictHostKeyChecking no']
ssh_remote_hosts: []
```
Implemented enhancements:
Fixed bugs:
Closed issues:
Merged pull requests:
Other improvements:
Implemented enhancements:
Fixed bugs:
Closed issues:
Merged pull requests:
Implemented enhancements:
Closed issues:
ssh\_server\_ports a bit misleading in the vars section? #62
Merged pull requests:
Implemented enhancements:
Closed issues: