update--
parent
b009cf5787
commit
0aff5e1e90
@ -114,7 +114,7 @@ sshd_host_keys:
|
|||||||
|
|
||||||
sshd_max_startups: !!str "10:30:100"
|
sshd_max_startups: !!str "10:30:100"
|
||||||
|
|
||||||
sshd_max_auth_tries: 3
|
sshd_max_auth_tries: 6
|
||||||
|
|
||||||
sshd_max_sessions: 10
|
sshd_max_sessions: 10
|
||||||
|
|
||||||
@ -1472,6 +1472,7 @@ remove_samba_users: []
|
|||||||
# group_write_list: mbr-finanzen
|
# group_write_list: mbr-finanzen
|
||||||
# vfs_object_recycle: true
|
# vfs_object_recycle: true
|
||||||
# recycle_path: '@Recycle.Bin'
|
# recycle_path: '@Recycle.Bin'
|
||||||
|
# vfs_object_recycle_is_visible: false
|
||||||
#
|
#
|
||||||
samba_shares: []
|
samba_shares: []
|
||||||
|
|
||||||
|
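Review bot: `sshd_max_auth_tries` appears to go from 3 to 6 in the first hunk (the page prints both values but has lost its +/- markers), which doubles the authentication attempts a client gets per connection, and the commit message gives no reason for it. If the higher limit is there for clients that offer several keys before the right one, record that next to the default, for example `# 6 is the OpenSSH default; 3 locked out agents that offer several keys`. The same commit lets selected users and addresses log in with passwords, so hosts that fill those lists may want to keep the lower value in their host or group variables.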
@ -337,7 +337,7 @@
|
|||||||
{% else %}
|
{% else %}
|
||||||
read only = no
|
read only = no
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.writeable is defined and item.writeable |length > 0 %}
|
{% if item.writeable is defined and item.writeable|length > 0 %}
|
||||||
writeable = {{ item.writeable }}
|
writeable = {{ item.writeable }}
|
||||||
{% else %}
|
{% else %}
|
||||||
writeable = yes
|
writeable = yes
|
||||||
@ -399,7 +399,11 @@
|
|||||||
# - included in the entry. '*' and '?' can be used to specify multiple files or
|
# - included in the entry. '*' and '?' can be used to specify multiple files or
|
||||||
# - directories as in DOS wildcards.
|
# - directories as in DOS wildcards.
|
||||||
# -
|
# -
|
||||||
|
{% if item.vfs_object_recycle_is_visible is defined and item.vfs_object_recycle_is_visible|bool %}
|
||||||
|
veto files = /.DS_Store/
|
||||||
|
{% else %}
|
||||||
veto files = /{{ item.recycle_path | default('@Recycle.Bin') }}/.DS_Store/
|
veto files = /{{ item.recycle_path | default('@Recycle.Bin') }}/.DS_Store/
|
||||||
|
{% endif %}
|
||||||
delete veto files = yes
|
delete veto files = yes
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
||||||
|
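Review bot: When `vfs_object_recycle_is_visible` is true, the added branch in the `@ -399` hunk emits `veto files = /.DS_Store/` only, so the recycle directory is no longer hidden from anyone who can open the share. Whether one user can then read files another user deleted depends on the recycle repository path and directory mode, which are set outside this hunk. A comment in the template's existing style would make the trade-off visible to whoever sets the flag, e.g. `# - With vfs_object_recycle_is_visible the recycle directory is listed to all share users.` The commented example added to the defaults file names the option but does not explain its effect.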
@ -144,9 +144,15 @@ PasswordAuthentication {{ sshd_password_authentication }}
|
|||||||
# The default is “no”.
|
# The default is “no”.
|
||||||
PermitEmptyPasswords no
|
PermitEmptyPasswords no
|
||||||
|
|
||||||
|
{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 11) %}
|
||||||
|
# Change to yes to enable challenge-response passwords (beware issues with
|
||||||
|
# some PAM modules and threads)
|
||||||
|
KbdInteractiveAuthentication no
|
||||||
|
{% else %}
|
||||||
# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
|
# Specifies whether challenge-response authentication is allowed (e.g. via PAM).
|
||||||
# The default is “yes”.
|
# The default is “yes”.
|
||||||
ChallengeResponseAuthentication no
|
ChallengeResponseAuthentication no
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||||
IgnoreRhosts yes
|
IgnoreRhosts yes
|
||||||
@ -392,7 +398,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
|||||||
# Specifies whether sshd(8) should look up the remote host name and check
|
# Specifies whether sshd(8) should look up the remote host name and check
|
||||||
# that the resolved host name for the remote IP address maps back to the
|
# that the resolved host name for the remote IP address maps back to the
|
||||||
# very same IP address.
|
# very same IP address.
|
||||||
# The default is “yes”.
|
# The default is 'yes'.
|
||||||
UseDNS {{ sshd_use_dns }}
|
UseDNS {{ sshd_use_dns }}
|
||||||
|
|
||||||
# Specifies whether X11 forwarding is permitted. The argument must be
|
# Specifies whether X11 forwarding is permitted. The argument must be
|
||||||
@ -410,7 +416,7 @@ X11DisplayOffset 10
|
|||||||
# of the machines will be properly noticed. However, this means
|
# of the machines will be properly noticed. However, this means
|
||||||
# that connections will die if the route is down temporarily, and some
|
# that connections will die if the route is down temporarily, and some
|
||||||
# people find it annoying. On the other hand, if TCP keepalives are not
|
# people find it annoying. On the other hand, if TCP keepalives are not
|
||||||
# sent, sessions may hang indefinitely on the server, leaving “ghost” users
|
# sent, sessions may hang indefinitely on the server, leaving 'ghost' users
|
||||||
# and consuming server resources.
|
# and consuming server resources.
|
||||||
#
|
#
|
||||||
# The default is “yes” (to send TCP keepalive messages), and the server
|
# The default is “yes” (to send TCP keepalive messages), and the server
|
||||||
@ -463,4 +469,36 @@ Match group sftp_users
|
|||||||
ChrootDirectory %h
|
ChrootDirectory %h
|
||||||
ForceCommand internal-sftp
|
ForceCommand internal-sftp
|
||||||
|
|
||||||
|
Match all
|
||||||
|
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
|
{% if (sshd_pasword_auth_user is defined) and sshd_pasword_auth_user %}
|
||||||
|
|
||||||
|
#-----------------------------
|
||||||
|
# Match User for PasswordAuthentication
|
||||||
|
#-----------------------------
|
||||||
|
{% for item in sshd_pasword_auth_user %}
|
||||||
|
|
||||||
|
Match User {{ item }}
|
||||||
|
PasswordAuthentication yes
|
||||||
|
|
||||||
|
Match all
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if (sshd_pasword_auth_ip is defined) and sshd_pasword_auth_ip %}
|
||||||
|
|
||||||
|
#-----------------------------
|
||||||
|
# Match IP Address for PasswordAuthentication
|
||||||
|
#-----------------------------
|
||||||
|
{% for item in sshd_pasword_auth_ip %}
|
||||||
|
|
||||||
|
Match Address {{ item }}
|
||||||
|
PasswordAuthentication yes
|
||||||
|
|
||||||
|
Match all
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
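Review bot: The two loops added at the end of the template widen password login further than their headings suggest: `Match Address {{ item }}` sets `PasswordAuthentication yes` for every account connecting from that address, and `Match User {{ item }}` does so for that user from any source address. If the intent is particular users from particular networks, both criteria can sit on one line, `Match User {{ item.user }} Address {{ item.address }}`, at the cost of switching to a single list of user/address pairs. Whether root is covered by the address rule depends on `PermitRootLogin`, which is outside these hunks. The variables are also spelled `sshd_pasword_auth_user` and `sshd_pasword_auth_ip`, and neither appears in the defaults hunks shown on this page, so a commented example there with the corrected spelling would help before other inventories start depending on the typo.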
@ -255,7 +255,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
|
|||||||
# Specifies whether sshd(8) should look up the remote host name and check
|
# Specifies whether sshd(8) should look up the remote host name and check
|
||||||
# that the resolved host name for the remote IP address maps back to the
|
# that the resolved host name for the remote IP address maps back to the
|
||||||
# very same IP address.
|
# very same IP address.
|
||||||
# The default is “yes”.
|
# The default is 'yes'.
|
||||||
UseDNS {{ sshd_use_dns }}
|
UseDNS {{ sshd_use_dns }}
|
||||||
|
|
||||||
# Specifies whether X11 forwarding is permitted. The argument must be
|
# Specifies whether X11 forwarding is permitted. The argument must be
|
||||||
@ -273,7 +273,7 @@ X11DisplayOffset 10
|
|||||||
# of the machines will be properly noticed. However, this means
|
# of the machines will be properly noticed. However, this means
|
||||||
# that connections will die if the route is down temporarily, and some
|
# that connections will die if the route is down temporarily, and some
|
||||||
# people find it annoying. On the other hand, if TCP keepalives are not
|
# people find it annoying. On the other hand, if TCP keepalives are not
|
||||||
# sent, sessions may hang indefinitely on the server, leaving “ghost” users
|
# sent, sessions may hang indefinitely on the server, leaving 'ghost' users
|
||||||
# and consuming server resources.
|
# and consuming server resources.
|
||||||
#
|
#
|
||||||
# The default is “yes” (to send TCP keepalive messages), and the server
|
# The default is “yes” (to send TCP keepalive messages), and the server
|
||||||
|