veza/ansible/roles/openssh-server/templates/opensshd.conf.j2

# {{ ansible_managed }}
{#
  sshd_config rendered by the openssh-server role. Inputs read by this template:
    sshd_Port_list, sshd_ListenAddress_list      optional lists; when undefined no Port/ListenAddress line is
                                                 emitted and sshd keeps its built-in defaults
    sshd_HostKey_file_list                       required list of host key paths (no 'is defined' guard)
    sshd_sssd_ldap                               truthy on Ubuntu >= 20.04 or Debian >= 11 enables sssd key lookup
    sshd_AllowGroups_list                        optional explicit login-group list; otherwise one of the three
                                                 sshd_default_AllowGroups_list_* lists is chosen from the
                                                 virtualization facts
    sshd_Ciphers, sshd_MACs, sshd_KexAlgorithms  required lists, joined with ',' into sshd's syntax
    sshd_RevokedKeys_list                        only tested with 'is defined'; the directive uses a fixed path
    sshd_sftp_enabled, sshd_sftp_group_access    chrooted per-group sftp; each item needs .name and .ChrootDirectory
#}
{% if sshd_Port_list is defined %}
{% for port in sshd_Port_list %}
Port {{ port }}
{% endfor %}
{% endif %}
{% if sshd_ListenAddress_list is defined %}
{% for address in sshd_ListenAddress_list %}
ListenAddress {{ address }}
{% endfor %}
{% endif %}
{% for keyfile in sshd_HostKey_file_list %}
HostKey {{ keyfile }}
{% endfor %}
# keyboard-interactive authentication is disabled; PAM stays on for account/session handling
ChallengeResponseAuthentication no
UsePAM yes
{# NOTE(review): PasswordAuthentication is not set in this template, so it keeps sshd's default unless another
   file of the role (or an Include'd drop-in) sets it -- confirm that password logins are meant to remain possible #}
PrintMotd no
AcceptEnv LANG LC_*
{% if sshd_sssd_ldap and ((ansible_distribution == "Ubuntu" and ansible_distribution_version is version('20.04', '>=')) or (ansible_distribution == "Debian" and ansible_distribution_version is version('11', '>='))) %}
# public keys are additionally looked up through sssd; the helper runs as the unprivileged 'nobody' user
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody
{% endif %}
# logins are limited to an explicit group allow-list; the fallback list depends on whether the host is
# physical (virtualization role "host" or "NA"), an LXC container, or any other virtual machine
{% if sshd_AllowGroups_list is defined %}
AllowGroups {{ sshd_AllowGroups_list | join(' ') }}
{% elif ansible_virtualization_role == "host" or ansible_virtualization_role == "NA" %}
AllowGroups {{ sshd_default_AllowGroups_list_physical | join(' ') }}
{% elif ansible_virtualization_type == "lxc" %}
AllowGroups {{ sshd_default_AllowGroups_list_container | join(' ') }}
{% else %}
AllowGroups {{ sshd_default_AllowGroups_list_virtual_machine | join(' ') }}
{% endif %}
# BEGIN extended security settings
# algorithm allow-lists come from the role variables; an empty list would render an empty directive
Ciphers {{ sshd_Ciphers | join(',') }}
MACs {{ sshd_MACs | join(',') }}
KexAlgorithms {{ sshd_KexAlgorithms | join(',') }}
# dead-peer detection over the encrypted channel instead of TCP keepalives:
# a client that answers none of 4 probes sent 30 s apart is disconnected
TCPKeepAlive no
ClientAliveCountMax 4
ClientAliveInterval 30
{% if sshd_RevokedKeys_list is defined %}
{# NOTE(review): the list only gates this directive; presumably another task writes /etc/ssh/revoked_keys
   from sshd_RevokedKeys_list -- verify, otherwise sshd fails to start on a missing file #}
RevokedKeys /etc/ssh/revoked_keys
{% endif %}
# END extended security settings
{% if sshd_sftp_enabled %}
# sftp is served in-process (internal-sftp) so it works inside a chroot; one Match block per group follows
Subsystem sftp internal-sftp
{% for item in sshd_sftp_group_access %}
# sftp configuration for group {{ item.name }}
# Match blocks apply until the next Match, so they must remain the last entries of this file;
# sshd additionally requires ChrootDirectory to be root-owned and not group/world-writable
Match Group {{ item.name }}
ForceCommand internal-sftp
ChrootDirectory {{ item.ChrootDirectory }}
AllowTcpForwarding no
AllowAgentForwarding no
PermitRootLogin no
X11Forwarding no
{% endfor %}
{% else %}
# external sftp-server binary when per-group chrooted sftp is not enabled
Subsystem sftp /usr/lib/openssh/sftp-server
{% endif %}