Update ..

This commit is contained in:
2020-06-06 22:41:08 +02:00
parent 0560d125b1
commit 48a531ea3e
7 changed files with 392 additions and 62 deletions


@ -10,13 +10,6 @@
- basic
# tags supported inside sshd.yml
#
# sshd-config
- import_tasks: sshd.yml
tags: sshd
# tags supported inside apt.yml
#
# apt-update
@ -75,6 +68,13 @@
- webadmin
# tags supported inside sshd.yml
#
# sshd-config
- import_tasks: sshd.yml
tags: sshd
# tags supported inside sudoers.yml:
#
# sudoers-remove


@ -13,7 +13,21 @@
tags:
- sshd-config
- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
- name: (sshd.yml) Create/Update new sshd_config from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
validate: 'sshd -f %s -T'
notify: "Restart ssh"
when:
- create_sftp_group is defined and not create_sftp_group
tags:
- sshd-config
- name: (sshd.yml) Create/Update sshd_config for chrooted sftp_group from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2
dest: /etc/ssh/sshd_config
@ -21,8 +35,9 @@
group: root
mode: 0644
validate: 'sshd -f %s -T -C user=sftp_users'
#backup: yes
notify: "Restart ssh"
when:
- create_sftp_group is defined and create_sftp_group
tags:
- sshd-config
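Review bot: Both template tasks in this file are now gated on `create_sftp_group is defined and ...` (the `when:` blocks after each `validate:`), so a host where the variable is simply undefined matches neither condition and /etc/ssh/sshd_config is never rendered or validated; unless a role default guarantees the variable (not visible here), `- not (create_sftp_group | default(false))` on the first task and `- create_sftp_group | default(false)` on the second keep the non-chroot config as the fallback. The new `mode: 0644` in the first task is an unquoted octal literal that a YAML 1.1 loader reads as the integer 420; Ansible handles the leading-zero form, but ansible-lint's risky-octal rule flags it, and `mode: "0644"` removes the dependency on the parser (the same applies to the pre-existing line in the second task). `#backup: yes` is a commented-out option; either enable it as `backup: true` so the previous sshd_config is kept when the file changes, or drop the dead line.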


@ -83,7 +83,7 @@ MaxSessions 10
#
#UsePrivilegeSeparation sandbox
{% else %}
UsePrivilegeSeparation sandbox
UsePrivilegeSeparation {{ sshd_use_privilege_separation }}
{% endif %}
# The server disconnects after this time if the user has not
@ -326,6 +326,17 @@ TCPKeepAlive yes
# The default is “yes”.
PrintLastLog yes
# Specifies whether remote hosts are allowed to connect to ports forwarded for the client.
# By default, sshd(8) binds remote port forwardings to the loopback address. This prevents
# other remote hosts from connecting to forwarded ports.
#
# GatewayPorts can be used to specify that sshd should allow remote port forwardings to
# bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be
# no to force remote port forwardings to be available to the local host only, yes to force
# remote port forwardings to bind to the wildcard address, or clientspecified to allow the
# client to select the address to which the forwarding is bound. The default is no.
GatewayPorts {{ sshd_gateway_ports }}
#-----------------------------
# Kerberos options