ansible-roles/library/roles/sshd_config/defaults/main.yml

35 lines
1.0 KiB
YAML

---
sshd_install_config: True
sshd_port: 22
sshd_config_dir: /etc/ssh
sshd_config_file: sshd_config
sshd_protocol: 2
sshd_serverkeybits: 2048
sshd_password_authentication: "no"
sshd_permit_empty_passwords: "no"
# "no" or "without-password"
sshd_permit_root_login: "without-password"
sshd_strict_mode: "yes"
# If set to no, the locked users cannot log in. adduser creates the users that have no password as locked
sshd_use_pam: "yes"
# set to "yes" only if you are using s/key or something equivalent
sshd_challenge_response_authentication: "no"
sshd_use_login: "no"
sshd_permit_tunnel: "no"
sshd_gssapi_authentication: "no"
sshd_gssapi_credentials: "no"
sshd_x11_forwarding: "no"
sshd_agent_forwarding: "yes"
sshd_tcp_forwarding: "no"
sshd_permit_user_environment: "no"
sshd_show_patchlevel: "no"
# Usually /etc/issue.net
sshd_banner_path: "none"
sshd_acceptenv: "LANG LC_*"
#
sshd_enable_sftp_subsystem: True
sshd_enable_sftp_jail: False
sshd_sftp_chroot_match_group: filetransfer
sshd_sftp_chroot_directory: '%h'
sshd_sftp_force_command: 'internal-sftp'