forked from willshersystems/ansible-sshd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
95 lines (77 loc) · 3.17 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
---
__sshd_config_file: "/etc/ssh/sshd_config"
__sshd_config_owner: "root"
__sshd_config_group: "root"
__sshd_config_mode: "0600"
__sshd_hostkey_owner: "root"
__sshd_hostkey_group: "root"
__sshd_hostkey_mode: "0600"
__sshd_trustedusercakeys_directory_owner: "root"
__sshd_trustedusercakeys_directory_group: "root"
__sshd_trustedusercakeys_directory_mode: "0755"
__sshd_trustedusercakeys_file_owner: "root"
__sshd_trustedusercakeys_file_group: "root"
__sshd_trustedusercakeys_file_mode: "0640"
__sshd_authorizedprincipals_directory_owner: "root"
__sshd_authorizedprincipals_directory_group: "root"
__sshd_authorizedprincipals_directory_mode: "0755"
__sshd_authorizedprincipals_file_owner: "root"
__sshd_authorizedprincipals_file_group: "root"
__sshd_authorizedprincipals_file_mode: "0644"
# The OpenSSH 5.3 in RHEL6 does not support "Match all" so we need a workaround
__sshd_compat_match_all: Match all
# The hostkeys not supported in FIPS mode, if applicable
__sshd_hostkeys_nofips: []
__sshd_required_facts:
- distribution
- distribution_major_version
- os_family
__sshd_skip_virt_env:
- docker
- podman
- container
- containerd
- VirtualPC
__sshd_binary: /usr/sbin/sshd
__sshd_service: sshd
__sshd_sftp_server: /usr/lib/openssh/sftp-server
__sshd_defaults: {}
__sshd_os_supported: false
__sshd_sysconfig_supports_crypto_policy: false
__sshd_sysconfig_supports_use_strong_rng: false
# The runtime directory is used by systemd to provide termoporary directory for the service
# This is used as a RuntimeDirectory= option in the service file and it needs to exist
# before running sshd for example in the validate mode.
__sshd_runtime_directory: ~
__sshd_runtime_directory_mode: "0755"
# this is the path to the main sshd_config which is checked for Include directive when
# drop-in directory is used
__sshd_main_config_file: ~
__sshd_drop_in_dir_mode: '0755'
# The list of hostkeys to check when there are none listed in configuration file.
# This is usually the case when the selection is up to the OpenSSH defaults or
# drop-in directory is used.
__sshd_verify_hostkeys_default: []
# This switch can control if the validate step is supported by the target OS.
# This is useful for very old OpenSSH or for tests that generate invalid configurations
__sshd_supports_validate: true
# The path to an environment file for the SSHD service
__sshd_environment_file: ~
__sshd_environment_file_mandatory: false
# The variable name we are passing from the environment file as an argument to the sshd
__sshd_environment_variable: $OPTIONS
# The systemd targets that need to be up before starting the service.
# The `network.target` is included by default in the main sshd.service (not the instantiated one)
__sshd_service_after: ~
# The systemd service name alias
__sshd_service_alias: ~
# The systemd service wants directive
__sshd_service_wants: ~
# The systemd service RestartSec directive
__sshd_service_restart_timeout: ~
# The systemd socket file does not accept the connection
__sshd_socket_accept: true
# Boolean to control if the systemd socket can be bound to non-local IP addresses
__sshd_socket_freebind: ~
# Space separated list of service names that this socket is required by
__sshd_socket_required_by: ~