Diffstat (limited to 'roles/common')
| -rw-r--r-- | roles/common/defaults/main.yml | 3 | ||||
| -rw-r--r-- | roles/common/templates/etc_ssh_sshd_config.j2 | 5 | 
2 files changed, 3 insertions, 5 deletions
|
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index 642f58e..f77cc3f 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -18,7 +18,8 @@ ssh_kex_algorithms: "diffie-hellman-group-exchange-sha256"
 ssh_ciphers: "aes256-ctr,aes192-ctr,aes128-ctr"
 ssh_macs: "hmac-sha2-512,hmac-sha2-256,hmac-ripemd160"
 sshd_allow_passwd: "no"
-sshd_print_motd: "yes"
+sshd_allow_chall_resp: "no"
+sshd_print_motd: "no"
 sshd_allow_root: "without-password"
 sshd_forward_x11: "yes"
diff --git a/roles/common/templates/etc_ssh_sshd_config.j2 b/roles/common/templates/etc_ssh_sshd_config.j2
index d9978e0..c0797a3 100644
--- a/roles/common/templates/etc_ssh_sshd_config.j2
+++ b/roles/common/templates/etc_ssh_sshd_config.j2
@@ -21,7 +21,6 @@ MACs {{ ssh_macs }}
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
-#ServerKeyBits 768
 ServerKeyBits 1024
 # Logging
@@ -51,8 +50,7 @@ PermitEmptyPasswords no
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
-# ChallengeResponseAuthentication no
-ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication {{ sshd_allow_chall_resp }}
 # Change to no to disable tunnelled clear text passwords
 PasswordAuthentication {{ sshd_allow_passwd }}
@@ -92,4 +90,3 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
-
|
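Review bot: The new `sshd_allow_chall_resp: "no"` default in the defaults/main.yml hunk has no comment, yet it changes the rendered value from the previously hard-coded `yes` to `no`. Hosts that rely on keyboard-interactive PAM prompts (an OTP module, for instance) would lose that method on the next run unless they override it. I would add above it `# Keyboard-interactive (PAM) auth. Keep "no" together with sshd_allow_passwd unless a PAM module needs it; always quote the value.` The quoting matters because an unquoted YAML `no` is a boolean and would presumably reach the template as `False` rather than the string sshd expects.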
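Review bot: `ChallengeResponseAuthentication {{ sshd_allow_chall_resp }}` in the -51,8 hunk is rendered with no check on the value, so an override written as an unquoted YAML boolean would likely come out as `True`/`False`, which sshd may reject and then fail to restart. If the template task (not visible here) does not already do so, have it validate the rendered file before it replaces the live one, e.g. `validate: /usr/sbin/sshd -t -f %s`. Because `UsePAM yes` stays enabled further down, this directive decides whether PAM can still prompt for a password when `PasswordAuthentication` is `no`; the comment above it could say so: `# With UsePAM yes, "yes" here re-enables password prompts via keyboard-interactive.` Newer OpenSSH releases name this option `KbdInteractiveAuthentication` and keep the old keyword only as a deprecated alias, so a rename may be needed depending on the target version.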
