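---
# Ansible playbook: applies the ufw, ssh-hardening and ansible-os-hardening
# roles to every host in the inventory, overriding a handful of sshd settings
# in `vars`. Indentation restored; booleans written canonically (`true`/`false`)
# instead of `yes`/`no`/`True` so the values are unambiguous under both YAML 1.1
# and 1.2 loaders — the resulting values are unchanged.
- hosts: all
  become: true

  vars:
    # vars for ssh-hardening
    ########################
    # `USER` is expected from the caller (inventory, group_vars or extra-vars);
    # presumably rendered into sshd AllowUsers — verify it is always set, since
    # an empty expansion would be templated as an empty value.
    ssh_allow_users: "{{ USER }}"
    ssh_allow_tcp_forwarding: false
    ssh_max_sessions: 2
    ssh_client_alive_count: 2
    ssh_print_last_log: true
    sshd_custom_options:
      # NOTE(review): the file name looks like a user/sk public key rather than
      # a CA key; confirm it is the CA whose signed user certificates sshd
      # should trust, since TrustedUserCAKeys grants login to any cert it signed.
      - "TrustedUserCAKeys /etc/ssh/id_ecdsa_sk.pub"
    ssh_kex:
      - curve25519-sha256@libssh.org
      - diffie-hellman-group-exchange-sha256
    ssh_macs:
      - hmac-sha2-512-etm@openssh.com
      - hmac-sha2-256-etm@openssh.com
      - umac-128-etm@openssh.com
    # Quoted so the port stays a string. The ufw role runs before ssh-hardening
    # (see `roles` order); confirm it opens this port, otherwise moving sshd off
    # its default port could lock the host out.
    ssh_server_ports:
      - '2222'

  roles:
    - ufw
    - ssh-hardening
    - ansible-os-hardening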