weareinteractive.ssh
is an Ansible role which:
- Installs OpenSSH (if required)
- Configures OpenSSH
- Ensures OpenSSH is running and started on boot
Note:
Since Ansible Galaxy switched all role names to the organization name, this role has moved from
franklinkim.ssh
toweareinteractive.ssh
!
Using ansible-galaxy
:
$ ansible-galaxy install weareinteractive.ssh
Using requirements.yml
:
- src: weareinteractive.ssh
Using git
:
$ git clone https://github.com/weareinteractive/ansible-ssh.git weareinteractive.ssh
- Ansible >= 2.9
- sshknownhosts installed in your
ANSIBLE_LIBRARY
path (see #4), only required when thessh_known_hosts
list is used.
Here is a list of all the default variables for this role, which are also available in defaults/main.yml
.
---
# For more information about default variables see:
# http://www.ansibleworks.com/docs/playbooks_variables.html#id26
#
# ssh_known_hosts:
# - github.com
# ssh_config:
# HostKey:
# - /etc/ssh/ssh_host_rsa_key
# - /etc/ssh/ssh_host_dsa_key
# - /etc/ssh/ssh_host_ecdsa_key
# - /etc/ssh/ssh_host_ed25519_key
# ChallengeResponseAuthentication: "no"
# UsePAM: "yes"
# X11Forwarding: "yes"
# PrintMotd: "no"
# AcceptEnv: LANG LC_*
# Subsystem: sftp /usr/lib/openssh/sftp-server
#
# variable fallback defaults
# usually overridden from Play or distro specific vars file
ssh_config: {}
ssh_packages: []
ssh_service: sshd
# DEPRICATION NOTICE:
# use the `ssh_config` map @see var/DISTRIBUTION/VERSION.yml
ssh_port: [22]
ssh_protocol: 2
ssh_listen_address: []
ssh_permit_root_login: 'yes'
ssh_pubkey_authentication: 'yes'
ssh_password_authentication: 'yes'
# start on boot
ssh_service_enabled: true
# current state: started, stopped
ssh_service_state: started
# system wide known hosts
ssh_known_hosts: []
These are the handlers that are defined in handlers/main.yml
.
---
# handlers for ssh role
- name: restart ssh
service:
name: "{{ ssh_service }}"
state: restarted
when: ssh_service_state != 'stopped'
This is an example playbook:
---
- hosts: all
become: true
roles:
- weareinteractive.ssh
vars:
ssh_known_hosts:
- github.com
- bitbucket.org
ssh_config:
Port: 22
Protocol: 2
HostKey:
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: "yes"
KeyRegenerationInterval: 3600
ServerKeyBits: 1024
SyslogFacility: AUTH
LogLevel: INFO
LoginGraceTime: 120
PermitRootLogin: "no"
StrictModes: "yes"
RSAAuthentication: "yes"
PubkeyAuthentication: "yes"
IgnoreRhosts: "yes"
RhostsRSAAuthentication: "no"
HostbasedAuthentication: "no"
PermitEmptyPasswords: "no"
ChallengeResponseAuthentication: "no"
PasswordAuthentication: "yes"
X11Forwarding: "yes"
X11DisplayOffset: 10
PrintMotd: "no"
PrintLastLog: "yes"
TCPKeepAlive: "yes"
AcceptEnv: LANG LC_*
Subsystem: sftp /usr/lib/openssh/sftp-server
UsePAM: "yes"
$ git clone https://github.com/weareinteractive/ansible-ssh.git
$ cd ansible-ssh
$ make test
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request
Note: To update the README.md
file please install and run ansible-role
:
$ gem install ansible-role
$ ansible-role docgen
Copyright (c) We Are Interactive under the MIT license.