ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reduce output from ansible playbooks. Some minor changes.

Browse Source
This commit is contained in:
Christoph
2019-07-03 04:14:14 +02:00
parent 21fcd86115
commit 505cdbf120
25 changed files with 3158 additions and 615 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
roles/common/templates/etc/ssh/sshd_config.j2
View File

@@ -161,7 +161,11 @@ HostbasedAuthentication no
# The allow/deny directives are processed in the following order: DenyUsers,
# AllowUsers, DenyGroups, and finally AllowGroups.
# By default, login is allowed for all users.
#AllowUsers chris cityslang sysadm
{% if (fact_sshd_allowed_users is defined) and fact_sshd_allowed_users %}
AllowUsers {{ fact_sshd_allowed_users }}
{% else %}
#AllowUsers back chris sysadm cityslang christoph
{% endif %}
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
@@ -184,6 +188,55 @@ UsePAM yes
#UseLogin no
#-----------------------------
# Cryptography
#-----------------------------
# Specifies the available KEX (Key Exchange) algorithms.
# The default is:
## curve25519-sha256@libssh.org,
## ecdh-sha2-nistp256,
## ecdh-sha2-nistp384,
## ecdh-sha2-nistp521,
## diffie-hellman-group-exchange-sha256,
## diffie-hellman-group14-sha1.
{% if (fact_sshd_kexalgorithms is defined) and fact_sshd_kexalgorithms %}
KexAlgorithms {{ fact_sshd_kexalgorithms }}
{% else %}
#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
{% endif %}
# Specifies the ciphers allowed for protocol version 2.
# The default is:
## aes128-ctr,
## aes192-ctr,
## aes256-ctr,
## aes128-gcm@openssh.com,
## aes256-gcm@openssh.com,
## chacha20-poly1305@openssh.com.
{% if (fact_sshd_ciphers is defined) and fact_sshd_ciphers %}
Ciphers {{ fact_sshd_ciphers }}
{% else %}
#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
{% endif %}
# Specifies the available MAC (message authentication code) algorithms.
# The default is:
## umac-64-etm@openssh.com,
## umac-128-etm@openssh.com,
## hmac-sha2-256-etm@openssh.com,
## hmac-sha2-512-etm@openssh.com,
## umac-64@openssh.com,
## umac-128@openssh.com,
## hmac-sha2-256,
## hmac-sha2-512.
{% if (fact_sshd_macs is defined) and fact_sshd_macs %}
MACs {{ fact_sshd_macs }}
{% else %}
#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
{% endif %}
#-----------------------------
# Logging
#-----------------------------