ansible/roles/openssh_server/templates/sshd_config.j2

44 lines
882 B
Django/Jinja

{{ ansible_managed | comment }}
SyslogFacility AUTH
LogLevel VERBOSE
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22
MaxStartups 10:30:100
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
KexAlgorithms {{ openssh__kex_algorithms | join(",") }}
Ciphers {{ openssh__ciphers | join(",") }}
MACs {{ openssh__macs | join(",") }}
AuthenticationMethods publickey
TrustedUserCAKeys /etc/ssh/users_ca.pub
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
StrictModes yes
UsePAM no
PermitRootLogin yes
PermitUserRC no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding yes
X11Forwarding no
PermitTTY yes
PermitTunnel no
VersionAddendum none
PrintLastLog yes
PrintMotd yes
TCPKeepAlive yes
UseDNS no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO