update...

group_vars/all/main.yml

@@ -991,22 +991,37 @@ sshd_host_keys:
   - /etc/ssh/ssh_host_ecdsa_key
   - /etc/ssh/ssh_host_ed25519_key
 
+sshd_max_startups: !!str "10:30:100"
+
+sshd_max_auth_tries: 3
+
+sshd_max_sessions: 10
+
 # only for debian version <= 9
 #
 sshd_use_privilege_separation: !!str "sandbox"
 
-sshd_permit_root_login: !!str "no"
+sshd_permit_root_login: !!str "prohibit-password"
 
 sshd_authorized_keys_file: ".ssh/authorized_keys .ssh/authorized_keys2"
 
 sshd_pubkey_authentication: !!str "yes"
 
-sshd_password_authentication: !!str "no"
+sshd_password_authentication: !!str "yes"
 
 sshd_use_pam: !!str "yes"
 
+#sshd_allowed_users:
+#  - chris
+#  - sysadm
+sshd_allowed_users: {}
+
 sshd_print_motd: !!str "no"
 
+sshd_use_dns: !!str "no"
+
+sshd_gateway_ports: !!str "no"
+
 # sshd_kexalgorithms
 #
 # Example:
@@ -1016,14 +1031,16 @@ sshd_print_motd: !!str "no"
 #      - diffie-hellman-group14-sha1
 #
 #sshd_kexalgorithms: {}
-sshd_kexalgorithms:
-  - curve25519-sha256
-  - curve25519-sha256@libssh.org
-  - diffie-hellman-group16-sha512
-  - diffie-hellman-group18-sha512
-  - diffie-hellman-group-exchange-sha256
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
 
-# sshd__ciphers
+
+# sshd_kexalgorithms
 #
 # Example:
 #    sshd_ciphers:
@@ -1045,24 +1062,6 @@ sshd_macs:
   - hmac-sha2-512-etm@openssh.com
   - umac-128-etm@openssh.com
 
-#sshd_hostkeyalgorithms: {}
-sshd_hostkeyalgorithms:
-  - ssh-ed25519
-  - ssh-ed25519-cert-v01@openssh.com
-  - ecdsa-sha2-nistp256
-  - ecdsa-sha2-nistp384
-  - ecdsa-sha2-nistp521
-  - rsa-sha2-256
-  - rsa-sha2-512
-  - rsa-sha2-256-cert-v01@openssh.com
-  - rsa-sha2-512-cert-v01@openssh.com
-
-sshd_use_dns: !!str "no"
-
-sshd_allowed_users: {}
-
-sshd_gateway_ports: !!str "no"
-
 
 # ---
 # vars used by roles/common/tasks/sudoers.yml