forked from ISTI-ansible-roles/ansible-roles
35 lines
1.0 KiB
YAML
35 lines
1.0 KiB
YAML
---
|
|
sshd_install_config: True
|
|
sshd_port: 22
|
|
sshd_config_dir: /etc/ssh
|
|
sshd_config_file: sshd_config
|
|
sshd_protocol: 2
|
|
sshd_serverkeybits: 2048
|
|
sshd_password_authentication: "no"
|
|
sshd_permit_empty_passwords: "no"
|
|
# "no" or "without-password"
|
|
sshd_permit_root_login: "without-password"
|
|
sshd_strict_mode: "yes"
|
|
# If set to no, the locked users cannot log in. adduser creates the users that have no password as locked
|
|
sshd_use_pam: "yes"
|
|
# set to "yes" only if you are using s/key or something equivalent
|
|
sshd_challenge_response_authentication: "no"
|
|
sshd_use_login: "no"
|
|
sshd_permit_tunnel: "no"
|
|
sshd_gssapi_authentication: "no"
|
|
sshd_gssapi_credentials: "no"
|
|
sshd_x11_forwarding: "no"
|
|
sshd_agent_forwarding: "yes"
|
|
sshd_tcp_forwarding: "no"
|
|
sshd_permit_user_environment: "no"
|
|
sshd_show_patchlevel: "no"
|
|
# Usually /etc/issue.net
|
|
sshd_banner_path: "none"
|
|
sshd_acceptenv: "LANG LC_*"
|
|
#
|
|
sshd_enable_sftp_subsystem: True
|
|
sshd_enable_sftp_jail: False
|
|
sshd_sftp_chroot_match_group: filetransfer
|
|
sshd_sftp_chroot_directory: '%h'
|
|
sshd_sftp_force_command: 'internal-sftp'
|