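# {{ ansible_managed }}
# SSH Server Configuration
#
# Rendered by Ansible from a Jinja2 template. Yes/no directives need the
# literal words yes or no: an unquoted YAML yes/no is loaded as a boolean and
# a bare variable would then render as True/False, which sshd is not expected
# to accept. Quote such values in the vars file.
# Deploy with validation on the template task, for example
#   validate: '/usr/sbin/sshd -t -f %s'
# so that a bad render cannot replace a working configuration.

Port {{ ssh_port }}
# Protocol is deprecated in current OpenSSH, where only protocol 2 remains.
# Kept for older servers; newer ones may log a deprecation notice.
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication
# Seconds an unauthenticated connection may stay open before it is dropped.
LoginGraceTime 120
# Must render as one of: yes, no, prohibit-password, forced-commands-only.
# AllowUsers further down lists only the ansible account, so root logins are
# refused whatever value is set here.
PermitRootLogin {{ ssh_permit_root_login }}
StrictModes yes
MaxAuthTries {{ ssh_max_auth_tries }}
MaxSessions {{ ssh_max_sessions }}

# Normalised to yes/no so a boolean variable cannot render as True/False.
PubkeyAuthentication {{ 'yes' if (ssh_pubkey_authentication | bool) else 'no' }}
AuthorizedKeysFile .ssh/authorized_keys

# Normalised to yes/no as above. With this set to no, public keys are the only
# login method left: confirm the ansible account has a working key before
# rolling out, or the host becomes unreachable over SSH.
PasswordAuthentication {{ 'yes' if (ssh_password_authentication | bool) else 'no' }}
PermitEmptyPasswords no
# Deprecated alias of KbdInteractiveAuthentication in newer OpenSSH releases.
ChallengeResponseAuthentication no

# Security
IgnoreRhosts yes
HostbasedAuthentication no
# Only X11 forwarding is turned off here. TCP and agent forwarding are not
# set, so they stay at the sshd defaults.
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
# "delayed" is a legacy synonym for yes in current OpenSSH.
Compression delayed

# Client alive
# An unresponsive client is disconnected after roughly
# ClientAliveInterval x ClientAliveCountMax seconds.
ClientAliveInterval {{ ssh_client_alive_interval }}
ClientAliveCountMax {{ ssh_client_alive_count_max }}

# Allow only ansible user
# Every other account, root included, is denied SSH login. The user name is
# hard-coded: this template locks out any host where that account is missing.
AllowUsers ansible

# PAM, banner, client environment and subsystems
# UsePAM yes keeps PAM account and session processing active for all logins.
UsePAM yes
Banner none
# Clients may pass only locale variables into the session.
AcceptEnv LANG LC_*
# Debian/Ubuntu path of the SFTP helper; other distributions differ.
Subsystem sftp /usr/lib/openssh/sftp-server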