initial upload

2025-10-10 11:07:34 +00:00
commit 6224cd01c6
161 changed files with 8964 additions and 0 deletions
--- a/roles/ssh/defaults/main.yml
+++ b/roles/ssh/defaults/main.yml
@@ -0,0 +1,43 @@
+---
+
+ssh_client_settings:
+#  Host:
+#    - Host: "*"
+#      SendEnv: LANG LC_*
+#      HashKnownHosts: yes
+  ForwardAgent: yes
+  HashKnownHosts: yes
+
+
+ssh_server_settings:
+  Port: 22
+  Protocol: 2
+  HostKey:
+    - /etc/ssh/ssh_host_rsa_key
+    - /etc/ssh/ssh_host_ecdsa_key
+    - /etc/ssh/ssh_host_ed25519_key
+  SyslogFacility: AUTH
+  LogLevel: INFO
+  PermitRootLogin: prohibit-password
+  PubkeyAuthentication: yes
+  PermitEmptyPasswords: no
+  AuthenticationMethods publickey,keyboard-interactive
+  ChallengeResponseAuthentication: yes
+  PasswordAuthentication: no
+  X11Forwarding: no
+  PrintMotd: no
+  PrintLastLog: yes
+  AcceptEnv: LANG LC_*
+  Subsystem:
+    - sftp /usr/lib/openssh/sftp-server
+  UsePAM: yes
+
+  # Hardened cipher list
+  KexAlgorithms: curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
+  Ciphers: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  MACs: hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
+  HostKeyAlgorithms: ssh-rsa,ssh-ed25519
+
+#  Match:
+#    - Match: "*"
+#      AllowAgentForwarding: yes