FIX: typo in ssh hardening
[ta/infra-ansible.git] / roles / ssh_conf_hardening / tasks / main.yaml
index 1058a52..be26dd0 100644 (file)
@@ -62,7 +62,7 @@
 - name: User Alive Interval setting
   ssh_conf:
     regexp: '[\s]*ClientAliveInterval'
-    values: "ClientAliveInterval 900\n"
+    values: "ClientAliveInterval 300\n"
 
 - name: Disable the X11forwarding
   ssh_conf:
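Review bot: The shortened `ClientAliveInterval 300` only works as an idle-session timeout together with `ClientAliveCountMax`, which this role sets to `0` (the ClientAliveCountMax task further down the file); on OpenSSH 8.2 and later a count of 0 disables connection termination entirely, so idle sessions would never be dropped and the change would merely send keepalive probes more often. If an idle timeout is the goal, pair the interval with `ClientAliveCountMax 1` (or confirm the target OpenSSH version) and record the intent above the task: `# 300s interval with CountMax 1 drops idle sessions after ~5 min; CountMax 0 disables termination on OpenSSH >= 8.2`. This hunk changes the hardening value itself rather than fixing a typo, which the commit title does not convey. The task list continues outside the hunk.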
 - name: MaxAuthTries setting
   ssh_conf:
     regexp: '[\s]*MaxAuthTries'
-    values: "MaxAuthTries 6\n"
+    values: "MaxAuthTries 3\n"
+
+- name: "Limit interactive session count to 2"
+  ssh_conf:
+    regexp: '[\s]*MaxSessions'
+    values: "MaxSessions 2\n"
 
 - name: Banner creation
   ssh_conf:
     regexp: '[\s]*Banner'
     values: "Banner /etc/banner\n"
 
+- name: "Disable Keepalive"
+  ssh_conf:
+    regexp: '[\s]*TCPKeepAlive'
+    values: "TCPKeepAlive no\n"
+
 - name: "Enable the Ipv6"
   lineinfile:
     path: /etc/ssh/sshd_config
     insertafter: '^[\s]*ListenAddress 0.0.0.0'
     line: 'ListenAddress ::'
 
+- name: Enable verbose logging for SSH daemon
+  ssh_conf:
+    regexp: '[\s]*LogLevel'
+    values: "LogLevel VERBOSE"
+
 - name: "Disable Kerberos Authentication"
   ssh_conf:
     regexp: '[\s]*KerberosAuthentication'
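Review bot: The new LogLevel task's value `"LogLevel VERBOSE"` is the only one in this hunk without a trailing `\n`; every sibling (`"MaxSessions 2\n"`, `"TCPKeepAlive no\n"`) terminates its line, so if the `ssh_conf` module writes `values` verbatim the directive may end up glued to the following line of sshd_config and be ignored or break config parsing. Change it to `values: "LogLevel VERBOSE\n"`. Separately, `MaxAuthTries 3` counts every public key an agent offers as an attempt, so clients with several keys loaded are likely to be rejected before the right one is tried; a comment such as `# MaxAuthTries counts each offered public key — clients with many agent keys need IdentitiesOnly` would save support time. The surrounding task list continues beyond this hunk.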
     regexp: '[\s]*ClientAliveCountMax'
     values: "ClientAliveCountMax 0\n"
 
+- name: "Limit logins to members of admin, keystone, and ironic groups"
+  ssh_conf:
+    regexp: '[\s]*AllowGroups'
+    values: "AllowGroups {{ users['admin_user_name'] }} {{ keystone_system_group_name |default('keystone') }} {{ ironic_system_group_name | default('ironic') }}\n"
+
 - name: "Disable SSH Support for User Known Hosts"
   ssh_conf:
     regexp: '[\s]*IgnoreUserKnownHosts'
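Review bot: `AllowGroups` takes group names, but the first token rendered into it is `users['admin_user_name']`, a user name; unless every target provisions a same-named private group for that account, the admin user is not actually permitted, and if the Ansible remote user belongs to none of the three groups the `sshd` restart later in this file locks the playbook out of the host. Guard the change with a membership check before the restart handler fires — for example an `assert` task that the connecting user appears in `id -Gn` output for at least one of the listed groups — and document the dependency above the task: `# AllowGroups expects *group* names; admin_user_name must resolve to an existing group on every target`. Quoting the whole Jinja-templated value is correct here since it starts with a literal; keep it that way if the template is reordered. The task list continues outside the hunk.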
     name: sshd
     state: restarted
 
-- name : create a banner file
+- name: create a banner file
   lineinfile:
     path: /etc/banner
     create: yes