An Ansible to install and configure the ssh server.
The Openssh Server is the default access to almost all *nix systems. Having a role, that installs and configures this core service is mandatory for most operators.
This Ansible Role installs and configures the openssh server (sshd).
- install needed packages
- configure sshd
- configure a banner
- configure SELinux
- configure firewalld
- apply some compliance standards (OpensSCAP Standard System Security Profile)
Used Modules:
- Ansible package Module
- Ansible package_facts Module
- Ansible service Module
- Ansible template Module
- Ansible firewalld Module
- Ansible seport Module
Install from Ansible Galaxy
ansible-galaxy install while_true_do.srv_ssh
Install from Github
git clone https://github.com/while-true-do/ansible-role-srv_ssh.git while_true_do.srv_ssh
---
# defaults file for while_true_do.srv_ssh
## Package Management
wtd_srv_ssh_package: "openssh-server"
# State can be present|latest|absent
wtd_srv_ssh_package_state: "present"
## Configuration Management
# Specify the banner file
wtd_srv_ssh_conf_banner: ""
# Per default some Compliance Standards are applied. You can review them in the
# README.md or the templates.
# You can specify addtional configuration.
wtd_srv_ssh_conf:
Port: "22"
# You can define a banner [builtin|<path>], where "builtin" will use the
# template from this role.
Banner: "builtin"
# key: "value"
# key: "value"
# Defining the banner this way will use the banner template, which is the
# default behavior.
## Service Management
wtd_srv_ssh_service: "sshd"
# State can be started|stopped
wtd_srv_ssh_service_state: "started"
wtd_srv_ssh_service_enabled: true
## Firewalld Management
wtd_srv_ssh_fw_mgmt: true
wtd_srv_ssh_fw_port: "{{ wtd_srv_ssh_conf.Port }}/tcp"
# State can be enabled|disabled
wtd_srv_ssh_fw_state: "enabled"
# Zone can be according to defined zones on your machine.
wtd_srv_ssh_fw_zone: "public"
Running Ansible Roles can be done in a playbook.
---
- hosts: all
roles:
- role: while_true_do.srv_ssh
Configure another ssh port, disable password login and use the builtin banner.
- hosts: all
roles:
- role: while_true_do.srv_ssh
wtd_srv_ssh_conf:
Port: "19022"
PasswordAuthentication: "no"
Banner: "builtin"
- RedHat Testing is currently not possible in public, due to limitations in subscriptions.
- Some services and features cannot be tested properly, due to limitations in docker.
Most of the "generic" tests are located in the Test Library.
Ansible specific testing is done with Molecule.
Infrastructure testing is done with testinfra.
Automated testing is done with Travis CI.
Thank you so much for considering to contribute. We are very happy, when somebody is joining the hard work. Please fell free to open Bugs, Feature Requests or Pull Requests after reading the Contribution Guideline.
See who has contributed already in the kudos.txt.
This work is licensed under a BSD-3-Clause License.
- Site https://while-true-do.io
- Twitter https://twitter.com/wtd_news
- Code https://github.com/while-true-do
- Mail hello@while-true-do.io
- IRC freenode, #while-true-do
- Telegram https://t.me/while_true_do