Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
4139087fa7
|
||
|
|
9da630d612
|
||
|
|
4f4c5676e9
|
11
README.md
11
README.md
@ -12,14 +12,14 @@ If you are running this role with older versions of OpenSSH, such as version 5.3
|
|||||||
This is the default in this role.
|
This is the default in this role.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
ssh_kexalgorithms:
|
openssh_kexalgorithms:
|
||||||
- curve25519-sha256@libssh.org
|
- curve25519-sha256@libssh.org
|
||||||
- ecdh-sha2-nistp521
|
- ecdh-sha2-nistp521
|
||||||
- ecdh-sha2-nistp384
|
- ecdh-sha2-nistp384
|
||||||
- ecdh-sha2-nistp256
|
- ecdh-sha2-nistp256
|
||||||
- diffie-hellman-group-exchange-sha256
|
- diffie-hellman-group-exchange-sha256
|
||||||
|
|
||||||
ssh_ciphers:
|
openssh_ciphers:
|
||||||
- chacha20-poly1305@openssh.com
|
- chacha20-poly1305@openssh.com
|
||||||
- aes256-gcm@openssh.com
|
- aes256-gcm@openssh.com
|
||||||
- aes128-gcm@openssh.com
|
- aes128-gcm@openssh.com
|
||||||
@ -27,7 +27,7 @@ ssh_ciphers:
|
|||||||
- aes192-ctr
|
- aes192-ctr
|
||||||
- aes128-ctr
|
- aes128-ctr
|
||||||
|
|
||||||
ssh_macs:
|
openssh_macs:
|
||||||
- hmac-sha2-512-etm@openssh.com
|
- hmac-sha2-512-etm@openssh.com
|
||||||
- hmac-sha2-256-etm@openssh.com
|
- hmac-sha2-256-etm@openssh.com
|
||||||
- umac-128-etm@openssh.com
|
- umac-128-etm@openssh.com
|
||||||
@ -38,8 +38,9 @@ ssh_macs:
|
|||||||
|
|
||||||
### Mozilla Intermediate
|
### Mozilla Intermediate
|
||||||
```yaml
|
```yaml
|
||||||
ssh_hostkey_file: /etc/ssh/ssh_host_rsa_key
|
openssh_hostkeys:
|
||||||
ssh_hostkey_file: /etc/ssh/ssh_host_ecdsa_key
|
- /etc/ssh/ssh_host_rsa_key
|
||||||
|
- /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
|
||||||
ssh_kexalgorithms:
|
ssh_kexalgorithms:
|
||||||
- diffie-hellman-group-exchange-sha256
|
- diffie-hellman-group-exchange-sha256
|
||||||
|
|||||||
@ -7,6 +7,11 @@ openssh_address_family: any
|
|||||||
openssh_listen_addresses:
|
openssh_listen_addresses:
|
||||||
- 0.0.0.0
|
- 0.0.0.0
|
||||||
|
|
||||||
|
openssh_hostkeys:
|
||||||
|
- /etc/ssh/ssh_host_ed25519_key
|
||||||
|
- /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
- /etc/ssh/ssh_host_rsa_key
|
||||||
|
|
||||||
openssh_allow_groups: ssh
|
openssh_allow_groups: ssh
|
||||||
openssh_login_grace_time: 20
|
openssh_login_grace_time: 20
|
||||||
openssh_permit_root_login: 'no'
|
openssh_permit_root_login: 'no'
|
||||||
|
|||||||
@ -19,4 +19,4 @@
|
|||||||
src: issue.net.j2
|
src: issue.net.j2
|
||||||
dest: "{{ openssh_banner_file }}"
|
dest: "{{ openssh_banner_file }}"
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
when: ssh_banner
|
when: openssh_banner
|
||||||
|
|||||||
@ -6,12 +6,10 @@ AddressFamily {{ openssh_address_family }}
|
|||||||
ListenAddress {{ a }}
|
ListenAddress {{ a }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
{% if openssh_hostkey_file is defined %}
|
{% if openssh_hostkeys is defined %}
|
||||||
HostKey {{ openssh_hostkey_file }}
|
{% for hostkey in openssh_hostkeys %}
|
||||||
{% else %}
|
HostKey {{ hostkey }}
|
||||||
HostKey /etc/ssh/openssh_host_ecdsa_key
|
{% endfor %}
|
||||||
HostKey /etc/ssh/openssh_host_ed25519_key
|
|
||||||
HostKey /etc/ssh/openssh_host_rsa_key
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if openssh_kexalgorithms is defined %}
|
{% if openssh_kexalgorithms is defined %}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user