Christoph 2024-01-25 11:19:46 +01:00
parent 3cb8ac362b
commit 762e38586e
2 changed files with 39 additions and 42 deletions


@ -2052,7 +2052,7 @@ sshd_host_keys:
sshd_max_startups: !!str "10:30:100"
sshd_max_auth_tries: 3
sshd_max_auth_tries: 6
sshd_max_sessions: 10
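Review bot: The default for `sshd_max_auth_tries` appears to change from 3 to 6 with no reason recorded in the vars file; the direction is inferred from the order the two lines are printed in, because the +/- markers are lost in this rendering. The template section of this same commit seems to replace a hard-coded `MaxAuthTries 3` with `MaxAuthTries {{ sshd_max_auth_tries }}`, so this value would become the effective per-connection limit on every host that does not override it. That doubles the authentication attempts a single connection gets. If 6 is intended, for example because clients offering several keys were hitting the limit, I would add a comment above the variable such as `# sshd default is 6; every offered public key counts as one attempt - lower per host where password auth is enabled`. Otherwise keep 3 as the role default so the rendered config does not silently loosen.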


@ -1,8 +1,4 @@
# *** ---------------------------------------------- ***
# *** ***
# {{ ansible_managed }}
# *** ***
# *** ---------------------------------------------- ***
#-----------------------------
# Daemon
@ -56,18 +52,19 @@ HostKey {{ item }}
# to the SSH daemon. See sshd_config(5) for specifiing the three colon
# separated values.
# The default is 10.
#MaxStartups 10:30:100
#MaxStartups 3
MaxStartups 10:30:100
MaxStartups {{ sshd_max_startups }}
# Specifies the maximum number of authentication attempts permitted per
# connection.
# The default is 6.
MaxAuthTries 3
MaxAuthTries {{ sshd_max_auth_tries }}
# Specifies the maximum number of open sessions permitted per network
# connection.
# The default is 10.
MaxSessions 10
MaxSessions {{ sshd_max_sessions }}
#-----------------------------
@ -388,7 +385,7 @@ AcceptEnv LANG LC_*
# Configures an external subsystem (e.g. file transfer daemon).
# By default no subsystems are defined.
{% if ansible_facts['distribution_major_version'] | int >= 11 %}
{% if ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] | int >= 11 %}
{% if sshd_config_sftp.found|int == 0 %}
Subsystem sftp /usr/lib/openssh/sftp-server
{% else %}
@ -401,7 +398,7 @@ Subsystem sftp /usr/lib/openssh/sftp-server
# Specifies whether sshd(8) should look up the remote host name and check
# that the resolved host name for the remote IP address maps back to the
# very same IP address.
# The default is “yes”.
# The default is 'yes'.
UseDNS {{ sshd_use_dns }}
# Specifies whether X11 forwarding is permitted. The argument must be
@ -419,7 +416,7 @@ X11DisplayOffset 10
# of the machines will be properly noticed. However, this means
# that connections will die if the route is down temporarily, and some
# people find it annoying. On the other hand, if TCP keepalives are not
# sent, sessions may hang indefinitely on the server, leaving “ghost” users
# sent, sessions may hang indefinitely on the server, leaving 'ghost' users
# and consuming server resources.
#
# The default is “yes” (to send TCP keepalive messages), and the server