ho-ansible/ssh

Ansible role: ssh

Configure OpenSSH client/server

Regenerating host keys

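The openssh package should already do this; to redo it by hand:

# Generate and screen 4096-bit Diffie-Hellman group-exchange moduli.
# OpenSSH 8.2 and later replaced -G/-T with:
#   ssh-keygen -M generate -O bits=4096 /tmp/moduli-cand
#   ssh-keygen -M screen -f /tmp/moduli-cand /tmp/moduli
ssh-keygen -G /tmp/moduli-cand -b 4096
ssh-keygen -T /tmp/moduli -f /tmp/moduli-cand # slow!
mv /tmp/moduli /etc/ssh/moduli
# Remove the old host private keys, then create new Ed25519 and 4096-bit RSA ones.
rm /etc/ssh/ssh_host_*_key
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key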

User keys:

ssh-keygen -t ed25519 -o -a 100
ssh-keygen -t rsa -b 4096 -o -a 100
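
To confirm that the moduli and host-key regeneration above took effect, the following added example (not part of this role) counts moduli shorter than 4096 bits and classifies `ssh-keygen -l` output against the key types generated above. The function names, the `--live` switch and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the result of the regeneration steps above.

# Print how many entries in moduli file $1 are shorter than $2 bits.
# moduli(5) fields: time type tests trials size generator modulus.
# ssh-keygen writes size as bit length minus one (4095 for 4096 bits).
count_short_moduli() {
    awk -v min="$2" '
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        NF == 7 && $5 + 1 < min { n++ }     # entry below the required size
        END { print n + 0 }' "$1"
}

# Classify one line of `ssh-keygen -l -f KEY` output,
# "<bits> <fingerprint> <comment> (<TYPE>)", against the key types
# generated above: Ed25519, or RSA of at least 4096 bits.
check_key_line() {
    bits=${1%% *}            # first field: key size in bits
    ktype=${1##*\(}          # text after the last "("
    ktype=${ktype%\)}        # drop the closing ")"
    case "$ktype" in
        ED25519) echo ok ;;
        RSA) if [ "$bits" -ge 4096 ]; then echo ok; else echo weak; fi ;;
        *) echo unexpected ;;    # e.g. a leftover DSA or ECDSA host key
    esac
}

# Constructed sample moduli file (the modulus values are placeholders).
sample_moduli() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 2047 2 C0FFEE
20240101000001 2 6 100 4095 5 C0FFEF
20240101000002 2 6 100 4095 2 C0FFF0
EOF
}

# Audit the live system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    echo "short moduli: $(count_short_moduli /etc/ssh/moduli 4096)"
    for k in /etc/ssh/ssh_host_*_key.pub; do
        echo "$k: $(check_key_line "$(ssh-keygen -l -f "$k")")"
    done
fi
```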

Requirements

Only tested on Debian stable, for now.

Role variables

  • ssh_port (default: 22): TCP port the server listens on
  • ssh_allow (default: all): allow (via firewall) only these hosts/subnets to connect to the server. Both IPv4 and IPv6 addresses are accepted.
  • ssh_extra_cfg: any extra lines to put in the client config
  • ssh_extra_iptables: list of strings to add to the firewall chain

Playbooks

  • main.yml: apply the role
  • uninstall.yml: remove the role. Run it before removing the config from the inventory.

Dependencies

License

  • Ansible role licensed MIT

Author Information
