coredotbin/ansible-role-openssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases 2 Wiki Activity
20 Commits 2 Branches 6 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Corbin Bartsch 4139087fa7
Update README
2023-10-29 14:04:09 -04:00
defaults
Update hostkey templating
2023-10-29 14:01:22 -04:00
handlers
Delete 'handlers/.main.yaml.swp'
2022-09-06 12:02:17 -04:00
meta
Add linting, lint files
2023-10-29 12:55:19 -04:00
tasks
Update missed variable
2023-10-29 13:45:18 -04:00
templates
Update hostkey templating
2023-10-29 14:01:22 -04:00
.ansible-lint
Add linting, lint files
2023-10-29 12:55:19 -04:00
LICENSE
Added LICENSE
2022-04-10 21:53:35 -04:00
makefile
makefile qol improvements
2023-10-29 12:55:39 -04:00
README.md
Update README
2023-10-29 14:04:09 -04:00
test.yaml
Add linting, lint files
2023-10-29 12:55:19 -04:00

README.md

ansible-role-openssh

Sensible and secure defaults for OpenSSH server.

Defaults

The defaults provided in this role are compliant with the Mozilla Modern for OpenSSH 6.7+

If you are running this role with older versions of OpenSSH, such as version 5.3 on RHEL or CentOS 6, you will need to override the defaults elsewhere (i.e. in your group_vars or host_vars). Below are a few Mozzila recommendations.

Mozilla Modern

This is the default in this role.

openssh_kexalgorithms:
  - curve25519-sha256@libssh.org
  - ecdh-sha2-nistp521
  - ecdh-sha2-nistp384
  - ecdh-sha2-nistp256
  - diffie-hellman-group-exchange-sha256

openssh_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

openssh_macs:
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - umac-128-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-256
  - umac-128@openssh.com

Mozilla Intermediate

openssh_hostkeys:
  - /etc/ssh/ssh_host_rsa_key
  - /etc/ssh/ssh_host_ecdsa_key

ssh_kexalgorithms:
  - diffie-hellman-group-exchange-sha256

ssh_ciphers:
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

ssh_macs:
  - hmac-sha2-512
  - hmac-sha2-256
Description
Sensible and secure defaults for OpenSSH
https://galaxy.ansible.com/coredotbin/openssh
ansibleansible-role
Readme 62 KiB
Releases 2
Initial release Latest
2023-10-29 13:00:16 -04:00
Languages
Jinja 87.2%
Makefile 12.8%