This repo contains the SSH Config (ssh_config) Ansible role.
This role configures OpenSSH with either a Standard or a Hardened configuration. Additionally, it configures a fancy motd and issue.net, with a rather boilerplate warning, for users that SSH into the server.
- Configure OpenSSH in either a Standard or Hardened config (the default is Standard)
  - Standard configuration is SSH key only access with a login banner
  - Hardened configuration is similar to Standard but also applies the following:
    - Disables X11 forwarding
    - Uses a shorter grace time for login
    - Disables TCP forwarding
- Configure a login banner
  - Sets the `/etc/motd` file to a standardized login banner
  - Sets the `/etc/issue.net` file to a standardized login banner
  - Removes the `update-motd` package so that the custom motd doesn't get overridden
The following variables are optional:
- `ssh_config.configuration` - Sets the SSH configuration to `Standard` or `Hardened`. If the string does not match `Hardened` it defaults to the Standard configuration
- `ssh_config.orgname` - Sets the company name shown in the login banner. If undefined the default is `Route 1337 LLC`
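
One way to check a host after the role has run, as an added example that is not part of this repo: the Python below audits `sshd_config`-style text against the Standard and Hardened behaviour listed above. The mapping to the OpenSSH directives `PasswordAuthentication`, `Banner`, `X11Forwarding`, `AllowTcpForwarding` and `LoginGraceTime`, the 60-second grace limit and the sample text are assumptions, not values taken from the role.

```python
import re

# OpenSSH built-in defaults, applied when a directive is absent from the input.
DEFAULTS = {"passwordauthentication": "yes", "x11forwarding": "no",
            "allowtcpforwarding": "yes", "logingracetime": "120", "banner": "none"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MAX_GRACE = 60  # assumption: what counts as "a shorter grace time", in seconds

# Constructed sample, not the role's template.
SAMPLE = """\
PasswordAuthentication no
Banner /etc/issue.net
X11Forwarding no
LoginGraceTime 2m
x11forwarding yes
Match User backup
    AllowTcpForwarding no
"""

def parse(text):
    """Global settings only: keywords are case-insensitive, first value wins."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        key, _, value = re.sub(r"[\s=]+", " ", line, count=1).partition(" ")
        if key.lower() == "match":  # conditional blocks are not evaluated
            break
        if key and not key.startswith("#"):
            cfg.setdefault(key.lower(), value.strip().strip('"'))
    return cfg

def to_seconds(value):
    """sshd time format: bare seconds or unit-suffixed parts such as 1m30s."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def audit(text, hardened=True):
    """Return findings; an empty list means the described profile is met."""
    cfg = {**DEFAULTS, **parse(text)}
    checks = ["PasswordAuthentication"] + (["X11Forwarding", "AllowTcpForwarding"] if hardened else [])
    findings = [f"{name} is not 'no'" for name in checks if cfg[name.lower()].lower() != "no"]
    if cfg["banner"].lower() == "none":
        findings.append("Banner is not set")
    grace = to_seconds(cfg["logingracetime"])
    if hardened and (grace == 0 or grace > MAX_GRACE):  # 0 disables the limit
        findings.append(f"LoginGraceTime is {grace}s, limit {MAX_GRACE}s")
    return findings
```

`Include` files and `Match` blocks are not followed, so passing the output of `sshd -T` to `audit()` checks the effective values rather than a single file.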
This role is fully tested via Test Kitchen using sample inventory data contained in this repo.
TESTING.md contains details and instructions for testing.
Route 1337 LLC's open source code heavily relies on donations. If you find this Ansible role useful, please consider using the GitHub Sponsors button to show your continued support.
Thank you for your support!