From 80605e8530e1423a1c6f43aaa8791a17bf4075d6 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Tue, 2 Aug 2016 16:04:44 +0200
Subject: [PATCH] library/roles/sshd_config/defaults/main.yml: More restrictive defaults for the ssh daemon. library/roles/ubuntu-deb-general/meta/main.yml: Always run sshd_config.
---
 sshd_config/defaults/main.yml | 2 +-
 ubuntu-deb-general/meta/main.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/sshd_config/defaults/main.yml b/sshd_config/defaults/main.yml
index 49279a49..f7232432 100644
--- a/sshd_config/defaults/main.yml
+++ b/sshd_config/defaults/main.yml
@@ -14,7 +14,7 @@ sshd_use_pam: "yes"
 sshd_challenge_response_authentication: "no"
 sshd_enable_sftp_subsystem: True
 sshd_use_login: "no"
-sshd_permit_tunnel: "yes"
+sshd_permit_tunnel: "no"
 sshd_gssapi_authentication: "no"
 sshd_gssapi_credentials: "no"
 sshd_x11_forwarding: "no"
diff --git a/ubuntu-deb-general/meta/main.yml b/ubuntu-deb-general/meta/main.yml
index 041d0423..dbe7332e 100644
--- a/ubuntu-deb-general/meta/main.yml
+++ b/ubuntu-deb-general/meta/main.yml
@@ -4,4 +4,5 @@ dependencies:
 - role: '../../library/roles/timezone'
 - role: '../../library/roles/deb-set-hostname'
 - role: '../../library/roles/deb-set-locale'
+ - role: '../../library/roles/sshd_config'
 - role: '../../library/roles/fail2ban'
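Review bot: The flipped default `sshd_permit_tunnel: "no"` carries no comment saying that it is a behaviour change: any host that relies on tun device forwarding (`ssh -w`) loses it on the next run unless it overrides the variable. I would add a line above it such as `# PermitTunnel is off by default (same as OpenSSH's own default); set to "yes" in host_vars only where tunnels are required`. The hunk shows only part of the defaults file, so whether TCP forwarding is restricted in the same way cannot be judged from here.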
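Review bot: Adding `sshd_config` as an unconditional dependency means every host that pulls in `ubuntu-deb-general` gets its sshd configuration rewritten with the role defaults, and nothing in this hunk documents that or says how to override it. A host whose remote access depends on a non-default setting could lose login after the next run. Whether the role validates the rendered file (for example with `sshd -t`) before restarting the daemon is not visible here and is worth confirming. I would at least add a comment above the new entry, e.g. `# sshd_config runs on all hosts; set sshd_* overrides in group_vars/host_vars before the first run`.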