# {{ ansible_managed }}

Port {{ ssh_port }}
AddressFamily {{ ssh_address_family }}
{% for a in ssh_listen_addresses %}
ListenAddress {{ a }}
{% endfor %}

{% if ssh_hostkey_file is defined %}
HostKey {{ ssh_hostkey_file }}
{% else %}
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
{% endif %}

{% if ssh_kexalgorithms is defined %}
KexAlgorithms {% for alg in ssh_kexalgorithms %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
{% endif %}

{% if ssh_ciphers is defined %}
Ciphers {% for alg in ssh_ciphers %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
{% endif %}

{% if ssh_macs is defined %}
MACs {% for alg in ssh_macs %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
{% endif %}


AllowGroups {{ ssh_allow_groups }}
LoginGraceTime {{ ssh_login_grace_time }}
PermitRootLogin {{ ssh_permit_root_login }}
StrictModes {{ ssh_strict_modes }}
MaxAuthTries {{ ssh_max_auth_tries }}
MaxSessions {{ ssh_max_sessions }}

PubkeyAuthentication {{ ssh_pubkey_authentication }}
AuthorizedKeysFile {{ ssh_authorized_keys_file }}

HostbasedAuthentication {{ ssh_hostbased_authentication }}

PasswordAuthentication {{ ssh_password_authentication }}
PermitEmptyPasswords {{ ssh_permit_empty_passwords }}
ChallengeResponseAuthentication {{ ssh_challenge_response_authentication }}
KerberosAuthentication {{ ssh_kerberos_authentication }}
GSSAPIAuthentication {{ ssh_gssapi_authentication }}
UsePAM {{ ssh_use_pam }}

AllowAgentForwarding {{ ssh_allow_agent_forwarding }}
PermitTunnel {{ ssh_permit_tunnel }}

X11Forwarding {{ ssh_x11_forwarding }}
PrintMotd {{ ssh_print_motd }}

{% if ssh_banner == true %}
Banner {{ ssh_banner_file }}
{% endif %}

{% if ssh_permit_user_env == true %}
PermitUserEnvironment yes

{% for e in ssh_accept_env %}
AcceptEnv {{ e }}
{% endfor %}
{% else %}
PermitUserEnvironment no
{% endif %}

LogLevel {{ ssh_loglevel }}

{% if ansible_facts['os_family'] == 'RedHat' %}
Subsystem sftp	/usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
{% elif ansible_facts['os_family'] == 'Debian' %}
Subsystem sftp	/usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
{% endif %}