elnappo / ansible-role-secure-openssh-server
Set up a secure config for OpenSSH Server >= 6.5
When setting:
    vars:
      - ssh_permit_root_login: no
The following error occurs:
failed: [XXX.XXX.XXX.XXX] => (item={u'regexp': u'^PermitRootLogin ', u'line': u'PermitRootLogin False'}) => {"failed": true, "item": {"line": "PermitRootLogin False", "regexp": "^PermitRootLogin "}, "msg": "failed to validate: rc:255 error:/tmp/tmpW9eey5 line 28: unsupported option \"False\".\r\n"}
It appears Ansible's YAML syntax reads "no" as falsy and stores the value False. This can be worked around by using:
    vars:
      - ssh_permit_root_login: "no"
The simplest way forward might be to just document this in defaults/main.yml where the values for ssh_permit_root_login are already documented. I suspect the value "yes" (without quotes) will similarly be considered truthy and converted to True by Ansible.
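The coercion reported above, as an added example that is not part of the issue report or the role's code: it models in a regex the unquoted scalars that PyYAML (the parser Ansible uses) resolves to booleans, and shows a guard that maps them back to values sshd accepts. The function names `load_scalar`, `naive_line` and `safe_line` are hypothetical.

```python
import re

# Unquoted scalars that PyYAML resolves to booleans (modelled here, not imported).
YAML_BOOL = re.compile(
    r"^(?:yes|Yes|YES|no|No|NO|true|True|TRUE|false|False|FALSE|on|On|ON|off|Off|OFF)$"
)
YAML_TRUE = {"yes", "true", "on"}

# Values sshd accepts for PermitRootLogin; without-password is the older
# spelling of prohibit-password.
PERMIT_ROOT_LOGIN = {
    "yes", "no", "prohibit-password", "without-password", "forced-commands-only",
}


def load_scalar(text):
    """Model how one plain or quoted YAML scalar reaches the role as a variable."""
    text = text.strip()
    if len(text) >= 2 and text[0] == text[-1] and text[0] in "\"'":
        return text[1:-1]                      # quoted: always a string
    if YAML_BOOL.match(text):
        return text.lower() in YAML_TRUE       # unquoted yes/no/on/off: a bool
    return text


def naive_line(value):
    """Stringify the variable as-is, which yields the rejected config line."""
    return f"PermitRootLogin {value}"


def safe_line(value):
    """Map booleans back to yes/no and reject anything sshd would refuse."""
    if isinstance(value, bool):
        value = "yes" if value else "no"
    if value not in PERMIT_ROOT_LOGIN:
        raise ValueError(f"unsupported PermitRootLogin value: {value!r}")
    return f"PermitRootLogin {value}"


if __name__ == "__main__":
    # Constructed inputs: the right-hand side of "ssh_permit_root_login: ..."
    for raw in ("no", '"no"', "yes", "prohibit-password"):
        value = load_scalar(raw)
        print(f"{raw:20} -> {value!r:20} naive: {naive_line(value)!r}  safe: {safe_line(value)!r}")
```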
Actually, if we change the ssh_port variable, it ends up adding a line containing port <ssh_port value> to the sshd_config file. Thus, the daemon is listening on several ports, and the related ufw rules are added.
IMHO, the expected behaviour would be to have the daemon listening on a single port. It is actually a bit misleading: reading the config, we can expect ssh to be accessible on a single port, which might not be the case based on the "history" of the changes...
Took me a while to understand that the validations were failing because sshd was not in my user's PATH.
Therefore, I think it might be useful to add a check to the pre.yml file to verify that.
sshd being located in /usr/sbin, the Ansible user will need sudo capabilities.
Adding a become instruction solves the problem, example:
    roles:
      - { role: elnappoo.secure-openssh-server,
          become: yes }