Christoph 2024-01-25 11:19:46 +01:00
parent 3cb8ac362b
commit 762e38586e
2 changed files with 39 additions and 42 deletions


@ -2052,7 +2052,7 @@ sshd_host_keys:
sshd_max_startups: !!str "10:30:100" sshd_max_startups: !!str "10:30:100"
sshd_max_auth_tries: 3 sshd_max_auth_tries: 6
sshd_max_sessions: 10 sshd_max_sessions: 10
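Review bot: The default `sshd_max_auth_tries` ends up at 6 on the changed line here, assuming the right-hand column is the new side, as the line counts of the template hunks suggest. The sshd_config template in the same commit replaces its hard-coded `MaxAuthTries 3` with `MaxAuthTries {{ sshd_max_auth_tries }}`, so a host that does not override the variable would go from 3 to 6 permitted authentication attempts per connection. If that loosening is not intended, keep the previous hardening as the default with `sshd_max_auth_tries: 3` and let individual hosts raise it in their own vars. If it is intended, add a short comment above the variable explaining why the higher limit is needed, so the relaxed value is not mistaken for an oversight later.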


@ -1,8 +1,4 @@
# *** ---------------------------------------------- ***
# *** ***
# {{ ansible_managed }} # {{ ansible_managed }}
# *** ***
# *** ---------------------------------------------- ***
#----------------------------- #-----------------------------
# Daemon # Daemon
@ -56,18 +52,19 @@ HostKey {{ item }}
# to the SSH daemon. See sshd_config(5) for specifiing the three colon # to the SSH daemon. See sshd_config(5) for specifiing the three colon
# separated values. # separated values.
# The default is 10. # The default is 10.
#MaxStartups 10:30:100
#MaxStartups 3 #MaxStartups 3
MaxStartups 10:30:100 MaxStartups {{ sshd_max_startups }}
# Specifies the maximum number of authentication attempts permitted per # Specifies the maximum number of authentication attempts permitted per
# connection. # connection.
# The default is 6. # The default is 6.
MaxAuthTries 3 MaxAuthTries {{ sshd_max_auth_tries }}
# Specifies the maximum number of open sessions permitted per network # Specifies the maximum number of open sessions permitted per network
# connection. # connection.
# The default is 10. # The default is 10.
MaxSessions 10 MaxSessions {{ sshd_max_sessions }}
#----------------------------- #-----------------------------
@ -388,7 +385,7 @@ AcceptEnv LANG LC_*
# Configures an external subsystem (e.g. file transfer daemon). # Configures an external subsystem (e.g. file transfer daemon).
# By default no subsystems are defined. # By default no subsystems are defined.
{% if ansible_facts['distribution_major_version'] | int >= 11 %} {% if ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] | int >= 11 %}
{% if sshd_config_sftp.found|int == 0 %} {% if sshd_config_sftp.found|int == 0 %}
Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp /usr/lib/openssh/sftp-server
{% else %} {% else %}
@ -401,7 +398,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# Specifies whether sshd(8) should look up the remote host name and check # Specifies whether sshd(8) should look up the remote host name and check
# that the resolved host name for the remote IP address maps back to the # that the resolved host name for the remote IP address maps back to the
# very same IP address. # very same IP address.
# The default is “yes”. # The default is 'yes'.
UseDNS {{ sshd_use_dns }} UseDNS {{ sshd_use_dns }}
# Specifies whether X11 forwarding is permitted. The argument must be # Specifies whether X11 forwarding is permitted. The argument must be
@ -419,7 +416,7 @@ X11DisplayOffset 10
# of the machines will be properly noticed. However, this means # of the machines will be properly noticed. However, this means
# that connections will die if the route is down temporarily, and some # that connections will die if the route is down temporarily, and some
# people find it annoying. On the other hand, if TCP keepalives are not # people find it annoying. On the other hand, if TCP keepalives are not
# sent, sessions may hang indefinitely on the server, leaving “ghost” users # sent, sessions may hang indefinitely on the server, leaving 'ghost' users
# and consuming server resources. # and consuming server resources.
# #
# The default is “yes” (to send TCP keepalive messages), and the server # The default is “yes” (to send TCP keepalive messages), and the server