update--
This commit is contained in:
@@ -114,7 +114,7 @@ sshd_host_keys:
|
||||
|
||||
sshd_max_startups: !!str "10:30:100"
|
||||
|
||||
sshd_max_auth_tries: 3
|
||||
sshd_max_auth_tries: 6
|
||||
|
||||
sshd_max_sessions: 10
|
||||
|
||||
@@ -1472,6 +1472,7 @@ remove_samba_users: []
|
||||
# group_write_list: mbr-finanzen
|
||||
# vfs_object_recycle: true
|
||||
# recycle_path: '@Recycle.Bin'
|
||||
# vfs_object_recycle_is_visible: false
|
||||
#
|
||||
samba_shares: []
|
||||
|
||||
|
||||
@@ -67,7 +67,7 @@
|
||||
# This can be either the interface name or an IP address/netmask;
|
||||
# interface names are normally preferred
|
||||
; interfaces = 127.0.0.0/8 eth0
|
||||
interfaces = {{ samba_server_ip }}/{{ samba_server_cidr_prefix }} 127.0.0.1/8
|
||||
interfaces = {{ samba_server_ip }}/{{ samba_server_cidr_prefix }} 127.0.0.1/8
|
||||
|
||||
# Option 'hosts deny' and 'hosts allow' added to debian's default smb.conf
|
||||
hosts deny = 0.0.0.0/0
|
||||
@@ -337,7 +337,7 @@
|
||||
{% else %}
|
||||
read only = no
|
||||
{% endif %}
|
||||
{% if item.writeable is defined and item.writeable |length > 0 %}
|
||||
{% if item.writeable is defined and item.writeable|length > 0 %}
|
||||
writeable = {{ item.writeable }}
|
||||
{% else %}
|
||||
writeable = yes
|
||||
@@ -399,14 +399,18 @@
|
||||
# - included in the entry. '*' and '?' can be used to specify multiple files or
|
||||
# - directories as in DOS wildcards.
|
||||
# -
|
||||
{% if item.vfs_object_recycle_is_visible is defined and item.vfs_object_recycle_is_visible|bool %}
|
||||
veto files = /.DS_Store/
|
||||
{% else %}
|
||||
veto files = /{{ item.recycle_path | default('@Recycle.Bin') }}/.DS_Store/
|
||||
{% endif %}
|
||||
delete veto files = yes
|
||||
{% else %}
|
||||
{% else %}
|
||||
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
|
||||
|
||||
@@ -144,9 +144,15 @@ PasswordAuthentication {{ sshd_password_authentication }}
|
||||
# The default is “no”.
|
||||
PermitEmptyPasswords no
|
||||
|
||||
{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 11) %}
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
KbdInteractiveAuthentication no
|
||||
{% else %}
|
||||
# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
|
||||
# The default is “yes”.
|
||||
ChallengeResponseAuthentication no
|
||||
{% endif %}
|
||||
|
||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
IgnoreRhosts yes
|
||||
@@ -389,10 +395,10 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
{% endif %}
|
||||
|
||||
# Specifies whether sshd(8) should look up the remote host name and check
|
||||
# that the resolved host name for the remote IP address maps back to the
|
||||
# Specifies whether sshd(8) should look up the remote host name and check
|
||||
# that the resolved host name for the remote IP address maps back to the
|
||||
# very same IP address.
|
||||
# The default is “yes”.
|
||||
# The default is 'yes'.
|
||||
UseDNS {{ sshd_use_dns }}
|
||||
|
||||
# Specifies whether X11 forwarding is permitted. The argument must be
|
||||
@@ -405,12 +411,12 @@ UseDNS {{ sshd_use_dns }}
|
||||
# The default is 10.
|
||||
X11DisplayOffset 10
|
||||
|
||||
# Specifies whether the system should send TCP keepalive messages to the
|
||||
# other side. If they are sent, death of the connection or crash of one
|
||||
# Specifies whether the system should send TCP keepalive messages to the
|
||||
# other side. If they are sent, death of the connection or crash of one
|
||||
# of the machines will be properly noticed. However, this means
|
||||
# that connections will die if the route is down temporarily, and some
|
||||
# people find it annoying. On the other hand, if TCP keepalives are not
|
||||
# sent, sessions may hang indefinitely on the server, leaving “ghost” users
|
||||
# that connections will die if the route is down temporarily, and some
|
||||
# people find it annoying. On the other hand, if TCP keepalives are not
|
||||
# sent, sessions may hang indefinitely on the server, leaving 'ghost' users
|
||||
# and consuming server resources.
|
||||
#
|
||||
# The default is “yes” (to send TCP keepalive messages), and the server
|
||||
@@ -463,4 +469,36 @@ Match group sftp_users
|
||||
ChrootDirectory %h
|
||||
ForceCommand internal-sftp
|
||||
|
||||
Match all
|
||||
|
||||
{% endif -%}
|
||||
|
||||
{% if (sshd_pasword_auth_user is defined) and sshd_pasword_auth_user %}
|
||||
|
||||
#-----------------------------
|
||||
# Match User for PasswordAuthentication
|
||||
#-----------------------------
|
||||
{% for item in sshd_pasword_auth_user %}
|
||||
|
||||
Match User {{ item }}
|
||||
PasswordAuthentication yes
|
||||
|
||||
Match all
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if (sshd_pasword_auth_ip is defined) and sshd_pasword_auth_ip %}
|
||||
|
||||
#-----------------------------
|
||||
# Match IP Address for PasswordAuthentication
|
||||
#-----------------------------
|
||||
{% for item in sshd_pasword_auth_ip %}
|
||||
|
||||
Match Address {{ item }}
|
||||
PasswordAuthentication yes
|
||||
|
||||
Match all
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
@@ -252,10 +252,10 @@ AcceptEnv LANG LC_*
|
||||
# By default no subsystems are defined.
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# Specifies whether sshd(8) should look up the remote host name and check
|
||||
# that the resolved host name for the remote IP address maps back to the
|
||||
# Specifies whether sshd(8) should look up the remote host name and check
|
||||
# that the resolved host name for the remote IP address maps back to the
|
||||
# very same IP address.
|
||||
# The default is “yes”.
|
||||
# The default is 'yes'.
|
||||
UseDNS {{ sshd_use_dns }}
|
||||
|
||||
# Specifies whether X11 forwarding is permitted. The argument must be
|
||||
@@ -268,12 +268,12 @@ UseDNS {{ sshd_use_dns }}
|
||||
# The default is 10.
|
||||
X11DisplayOffset 10
|
||||
|
||||
# Specifies whether the system should send TCP keepalive messages to the
|
||||
# other side. If they are sent, death of the connection or crash of one
|
||||
# Specifies whether the system should send TCP keepalive messages to the
|
||||
# other side. If they are sent, death of the connection or crash of one
|
||||
# of the machines will be properly noticed. However, this means
|
||||
# that connections will die if the route is down temporarily, and some
|
||||
# people find it annoying. On the other hand, if TCP keepalives are not
|
||||
# sent, sessions may hang indefinitely on the server, leaving “ghost” users
|
||||
# that connections will die if the route is down temporarily, and some
|
||||
# people find it annoying. On the other hand, if TCP keepalives are not
|
||||
# sent, sessions may hang indefinitely on the server, leaving 'ghost' users
|
||||
# and consuming server resources.
|
||||
#
|
||||
# The default is “yes” (to send TCP keepalive messages), and the server
|
||||
|
||||
Reference in New Issue
Block a user