76 lines
2.1 KiB
Django/Jinja
76 lines
2.1 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
Port {{ ssh_port }}
|
|
AddressFamily {{ ssh_address_family }}
|
|
{% for a in ssh_listen_addresses %}
|
|
ListenAddress {{ a }}
|
|
{% endfor %}
|
|
|
|
{% if ssh_hostkey_file is defined %}
|
|
HostKey {{ ssh_hostkey_file }}
|
|
{% else %}
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
{% endif %}
|
|
|
|
{% if ssh_kexalgorithms is defined %}
|
|
KexAlgorithms {% for alg in ssh_kexalgorithms %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if ssh_ciphers is defined %}
|
|
Ciphers {% for alg in ssh_ciphers %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if ssh_macs is defined %}
|
|
MACs {% for alg in ssh_macs %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
|
|
{% endif %}
|
|
|
|
|
|
AllowGroups {{ ssh_allow_groups }}
|
|
LoginGraceTime {{ ssh_login_grace_time }}
|
|
PermitRootLogin {{ ssh_permit_root_login }}
|
|
StrictModes {{ ssh_strict_modes }}
|
|
MaxAuthTries {{ ssh_max_auth_tries }}
|
|
MaxSessions {{ ssh_max_sessions }}
|
|
|
|
PubkeyAuthentication {{ ssh_pubkey_authentication }}
|
|
AuthorizedKeysFile {{ ssh_authorized_keys_file }}
|
|
|
|
HostbasedAuthentication {{ ssh_hostbased_authentication }}
|
|
|
|
PasswordAuthentication {{ ssh_password_authentication }}
|
|
PermitEmptyPasswords {{ ssh_permit_empty_passwords }}
|
|
ChallengeResponseAuthentication {{ ssh_challenge_response_authentication }}
|
|
KerberosAuthentication {{ ssh_kerberos_authentication }}
|
|
GSSAPIAuthentication {{ ssh_gssapi_authentication }}
|
|
UsePAM {{ ssh_use_pam }}
|
|
|
|
AllowAgentForwarding {{ ssh_allow_agent_forwarding }}
|
|
PermitTunnel {{ ssh_permit_tunnel }}
|
|
|
|
X11Forwarding {{ ssh_x11_forwarding }}
|
|
PrintMotd {{ ssh_print_motd }}
|
|
|
|
{% if ssh_banner == true %}
|
|
Banner {{ ssh_banner_file }}
|
|
{% endif %}
|
|
|
|
{% if ssh_permit_user_env == true %}
|
|
PermitUserEnvironment yes
|
|
|
|
{% for e in ssh_accept_env %}
|
|
AcceptEnv {{ e }}
|
|
{% endfor %}
|
|
{% else %}
|
|
PermitUserEnvironment no
|
|
{% endif %}
|
|
|
|
LogLevel {{ ssh_loglevel }}
|
|
|
|
{% if ansible_facts['os_family'] == 'RedHat' %}
|
|
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
|
|
{% elif ansible_facts['os_family'] == 'Debian' %}
|
|
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
|
|
{% endif %}
|