2021-12-12 05:56:26 +01:00
|
|
|
{{ ansible_managed | comment }}
|
|
|
|
|
|
|
|
SyslogFacility AUTH
|
|
|
|
LogLevel VERBOSE
|
|
|
|
|
|
|
|
AddressFamily any
|
|
|
|
ListenAddress 0.0.0.0
|
|
|
|
ListenAddress ::
|
|
|
|
|
|
|
|
Port 22
|
|
|
|
|
|
|
|
MaxStartups 10:30:100
|
|
|
|
|
|
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
|
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
|
|
|
2023-07-04 04:04:48 +02:00
|
|
|
KexAlgorithms {{ openssh__kex_algorithms | join(",") }}
|
|
|
|
Ciphers {{ openssh__ciphers | join(",") }}
|
|
|
|
MACs {{ openssh__macs | join(",") }}
|
2021-12-12 05:56:26 +01:00
|
|
|
|
|
|
|
AuthenticationMethods publickey
|
|
|
|
|
|
|
|
TrustedUserCAKeys /etc/ssh/users_ca.pub
|
|
|
|
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
|
|
|
|
|
|
|
|
StrictModes yes
|
|
|
|
UsePAM no
|
|
|
|
PermitRootLogin yes
|
|
|
|
PermitUserRC no
|
|
|
|
PermitUserEnvironment no
|
|
|
|
AllowAgentForwarding no
|
|
|
|
AllowTcpForwarding yes
|
|
|
|
X11Forwarding no
|
|
|
|
PermitTTY yes
|
|
|
|
PermitTunnel no
|
|
|
|
VersionAddendum none
|
|
|
|
PrintLastLog yes
|
|
|
|
PrintMotd yes
|
|
|
|
TCPKeepAlive yes
|
|
|
|
UseDNS no
|
|
|
|
AcceptEnv LANG LC_*
|
|
|
|
|
|
|
|
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
|