---
# file: roles/openssh-server/defaults/main.yml
# Groups allowed to log in over SSH, by host class. Each list extends the
# previous one: container -> virtual machine (+ localadm) -> physical
# (+ backupop).
# NOTE(review): presumably rendered into the sshd_config AllowGroups directive
# by the role's template (not in this file). AllowGroups matches a user's
# primary or supplementary groups; listing 'root' here does not by itself
# decide whether root may log in, PermitRootLogin still applies.
sshd_default_AllowGroups_list_container:
  - 'root'
  - 'op'
  - 'sysop'
sshd_default_AllowGroups_list_virtual_machine: "{{ sshd_default_AllowGroups_list_container + [ 'localadm' ] }}"
sshd_default_AllowGroups_list_physical: "{{ sshd_default_AllowGroups_list_virtual_machine + [ 'backupop' ] }}"
# Private host key files offered by the server (Ed25519, RSA, ECDSA).
# This list only names the files; key size and generation happen elsewhere.
# sshd refuses to use a host key file that is group- or world-accessible,
# so these paths must stay readable by root only.
sshd_HostKey_file_list:
  - "/etc/ssh/ssh_host_ed25519_key"
  - "/etc/ssh/ssh_host_rsa_key"
  - "/etc/ssh/ssh_host_ecdsa_key"
# Message authentication codes, in preference order.
# The first three are encrypt-then-MAC (-etm) variants; the last two are the
# plain hmac-sha2 forms, kept after them as a fallback.
# MACs are only negotiated for non-AEAD ciphers (the aes*-ctr entries in
# sshd_Ciphers); the chacha20-poly1305 and aes*-gcm ciphers carry their own
# integrity check.
sshd_MACs:
  - 'hmac-sha2-512-etm@openssh.com'
  - 'hmac-sha2-256-etm@openssh.com'
  - 'umac-128-etm@openssh.com'
  - 'hmac-sha2-512'
  - 'hmac-sha2-256'
# Key exchange algorithms for the oldest supported servers.
# NOTE(review): the name suggests OpenSSH 6.7 and later; the version test
# that selects this list is not in this file.
# diffie-hellman-group-exchange-sha256 draws its groups from /etc/ssh/moduli,
# so its strength depends on small moduli having been removed from that file.
sshd_kex_version_minimum_67:
  - 'curve25519-sha256@libssh.org'
  - 'diffie-hellman-group-exchange-sha256'
# Key exchange algorithms for OpenSSH 8.0 through 8.4 (per the variable
# name; the selection logic is not in this file).
# sntrup4591761x25519-sha512@tinyssh.org is the hybrid post-quantum method
# those releases shipped; it was replaced by the sntrup761 variant in 8.5,
# which is why later lists use a different name.
# NOTE(review): only the @libssh.org name of curve25519-sha256 is listed;
# confirm no client in scope offers just the unsuffixed name.
sshd_kex_version_80_to_84:
  - 'sntrup4591761x25519-sha512@tinyssh.org'
  - 'curve25519-sha256@libssh.org'
  - 'diffie-hellman-group-exchange-sha256'
# Key exchange algorithms for OpenSSH 8.5 up to (but not including) the
# release that the next list targets. The range comes from the variable
# name; the selection logic is not in this file.
# The hybrid post-quantum sntrup761 method is preferred, with classical
# curve25519 and group-exchange DH as fallbacks.
sshd_kex_version_85_to_99:
  - 'sntrup761x25519-sha512@openssh.com'
  - 'curve25519-sha256@libssh.org'
  - 'diffie-hellman-group-exchange-sha256'
# Key exchange algorithms for the newest servers.
# NOTE(review): the name suggests OpenSSH 10.0 and later; confirm against
# the task or template that picks the list.
# Two hybrid post-quantum methods come first (ML-KEM, then sntrup761),
# followed by the classical curve25519 and group-exchange DH fallbacks.
sshd_kex_version_100:
  - 'mlkem768x25519-sha256'
  - 'sntrup761x25519-sha512@openssh.com'
  - 'curve25519-sha256@libssh.org'
  - 'diffie-hellman-group-exchange-sha256'
# Symmetric ciphers, in preference order: AEAD ciphers first
# (chacha20-poly1305, AES-GCM), then AES-CTR, which is paired with one of
# the entries in sshd_MACs. No CBC ciphers are listed.
# NOTE(review): chacha20-poly1305@openssh.com, and CTR combined with an
# -etm MAC, depend on strict key exchange (OpenSSH 9.6 and later on both
# peers) to resist the Terrapin prefix-truncation attack; confirm the
# deployed server and client versions.
sshd_Ciphers:
  - 'chacha20-poly1305@openssh.com'
  - 'aes256-gcm@openssh.com'
  - 'aes128-gcm@openssh.com'
  - 'aes256-ctr'
  - 'aes192-ctr'
  - 'aes128-ctr'
# Feature toggles, written as canonical lowercase YAML booleans.
# SFTP is off by default.
# NOTE(review): what each flag changes in the rendered sshd configuration
# is decided by the role's tasks and templates, which are not in this file.
sshd_sftp_enabled: false
sshd_sssd_ldap: true