78 lines
1.8 KiB
YAML
78 lines
1.8 KiB
YAML
---
|
|
|
|
# List of port sshd will listen on
|
|
sshd_ports:
|
|
- 22
|
|
|
|
# Will restrict ssh access to the following IP/CIDR (only if iptables_manage == True)
|
|
sshd_src_ip:
|
|
- 0.0.0.0/0
|
|
|
|
# sshd_src_ip:
|
|
# - 12.13.14.15
|
|
# - 192.168.17.0/24
|
|
|
|
# Allow the root user to login
|
|
sshd_permit_root_login: False
|
|
# Allow password authentication
|
|
sshd_password_auth: True
|
|
|
|
# Control the AllowUsers, DenyUsers, AllowGroups and DenyGroups
|
|
# sshd_allow_users:
|
|
# - xavier
|
|
# - dani@EXAMPLE.ORG
|
|
# sshd_deny_users:
|
|
# - dimitri
|
|
# - flo
|
|
# sshd_allow_groups:
|
|
# - tech
|
|
# - support@EXAMPLE.ORG
|
|
# sshd_deny_groups:
|
|
# - sales
|
|
# - interim@EXAMPLE.ORG
|
|
#
|
|
#
|
|
|
|
# User configuration
|
|
ssh_users: []
|
|
#ssh_users:
|
|
# - name: dani
|
|
# create_user: False
|
|
# ssh_keys:
|
|
# - 'ssh-rsa AAAAB3NzaC1yc2...'
|
|
# - 'ssh-rsa AAAAB3NzaC1yc2...'
|
|
# keys_exclusive: True
|
|
# keys_file: %h/.ssh/authorized_keys
|
|
# key_options:
|
|
# - from="192.168.3.7"
|
|
# - no-pty
|
|
# sftp_only: True
|
|
# chroot: /var/www/html
|
|
# allow_forwarding: False
|
|
# sudo_defaults:
|
|
# - '!env_reset'
|
|
# - '!requiretty'
|
|
# sudo:
|
|
# - cmd:
|
|
# - /usr/local/bin/
|
|
# run_as: root
|
|
# nopasswd: False
|
|
#
|
|
#ssh_extra_users (can be used as ssh_users, both will be merged)
|
|
#
|
|
#
|
|
# Max number of conn / minute. 0 to disable rate limit
|
|
sshd_max_conn_per_minute: 0
|
|
|
|
# Authorized Keys custom command
|
|
# sshd_authorized_keys_command: /usr/local/bin/ssh-getkeys
|
|
# sshd_authorized_keys_command_user: ldapsshkey
|
|
|
|
# Use DNS. If disabled, kerb auth won't be used (as it uses DNS)
|
|
# You might need to disable it when you need no SSH login delay even if DNS is unavailable
|
|
sshd_use_dns: True
|
|
|
|
# List of users for which no management of the SSH keys will be done by ansible (they will
|
|
# be able to set their own ~/.ssh/authorized_keys)
|
|
ssh_local_users: []
|