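# Hardened SSH Configuration
# Generated by Ansible - Do not edit manually
{# Jinja2 template for sshd_config; every ssh_* name below is a variable
   supplied by the playbook or role.
   NOTE(review): several variables fill yes/no keywords. In Ansible YAML an
   unquoted yes/no is a boolean and Jinja renders it as True/False, so quote
   those values in the vars file to get the keyword sshd_config documents.
   NOTE(review): the task that deploys this file should check it before it
   replaces the live config, e.g. the template module's
   validate: sshd -t -f %s, so a bad render cannot take sshd down. #}

# Network
Port {{ ssh_port }}
# IPv4 only: sshd does not open an IPv6 listener.
AddressFamily inet
ListenAddress {{ ssh_listen_address }}

# Authentication
# Accepted values: yes, prohibit-password, forced-commands-only, no.
PermitRootLogin {{ ssh_permit_root_login }}
PubkeyAuthentication {{ ssh_pubkey_authentication }}
PasswordAuthentication {{ ssh_password_authentication }}
# Deprecated alias of KbdInteractiveAuthentication since OpenSSH 8.7.
ChallengeResponseAuthentication {{ ssh_challenge_response_auth }}
# With PAM enabled, keyboard-interactive authentication can be backed by PAM
# and prompt for a password. Turning PasswordAuthentication off therefore only
# rules out password logins when ChallengeResponseAuthentication is off too.
UsePAM yes
# Authentication attempts allowed per connection before sshd drops it.
MaxAuthTries {{ ssh_max_auth_tries }}

{# The allow-list is written only when ssh_allowed_users is non-empty. With an
   empty list no AllowUsers line is rendered and any account that can
   authenticate may log in, so confirm an empty list is intended. #}
{% if ssh_allowed_users | length > 0 %}
AllowUsers {{ ssh_allowed_users | join(' ') }}
{% endif %}

# Cryptography
{# Each list is joined with commas into a single argument. An empty list
   renders the keyword with no argument, which sshd is expected to reject;
   keep all three lists non-empty. #}
Ciphers {{ ssh_ciphers | join(',') }}
MACs {{ ssh_macs | join(',') }}
KexAlgorithms {{ ssh_kex_algorithms | join(',') }}

# Features
X11Forwarding {{ ssh_x11_forwarding }}
PrintMotd no
PrintLastLog yes
# TCP keepalives travel outside the encrypted channel and can be spoofed; the
# ClientAlive* settings below are the in-channel liveness check.
TCPKeepAlive yes
# Ignore ~/.ssh/environment and environment= options in authorized_keys, so a
# user cannot set variables such as LD_PRELOAD to get around restrictions.
PermitUserEnvironment no
Compression no
# Seconds of silence before sshd sends a keepalive through the channel, and
# how many may go unanswered before the session is closed.
ClientAliveInterval {{ ssh_client_alive_interval }}
ClientAliveCountMax {{ ssh_client_alive_count_max }}
# No reverse DNS lookup of clients. As a result only addresses, not host
# names, work in authorized_keys from= and in Match Host.
UseDNS no
# tun(4) device forwarding is disabled.
PermitTunnel no
# NOTE(review): AllowTcpForwarding and AllowAgentForwarding are not set in this
# template, so the OpenSSH defaults (yes) apply - confirm that is intended.
# The banner is shown before authentication; keep OS and version details out
# of the file.
Banner /etc/issue.net

# Subsystems
# Path follows the Debian/Ubuntu layout. -f sets the syslog facility and -l the
# log level; at INFO sftp-server logs the transactions it performs.
# NOTE(review): this logs to AUTHPRIV while sshd below logs to AUTH - make sure
# both facilities are collected.
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

# Logging
SyslogFacility AUTH
# VERBOSE records the fingerprint of the key used for each login, which helps
# attribute sessions during an audit.
LogLevel VERBOSE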