Role - edpm-sshd

osp.edpm.edpm_sshd role – The main entry point for the edpm_sshd role.

Entry point main – The main entry point for the edpm_sshd role.

Synopsis

Parameters

Parameter

Comments

edpm_sshd_allowed_ranges

list / elements=string

List of address ranges to allow SSH connections from.

Default: []

edpm_sshd_banner_enabled

boolean

Choices:

  • false ← (default)

  • true

edpm_sshd_banner_text

string

Default: ""

edpm_sshd_configure_firewall

boolean

Whether the firewall should be configured.

Choices:

  • false ← (default)

  • true

edpm_sshd_download_delay

integer

The number of seconds between retries for failed download tasks.

Default: 5

edpm_sshd_download_retries

integer

The number of retries for failed download tasks.

Default: 5

edpm_sshd_firewall_port

integer

The sshd port can be overridden through edpm_sshd_server_options, so this parameter lets the matching port be set for the firewall as well.

Default: 22

edpm_sshd_gssapi_authentication

boolean

Enable GSSAPI authentication?

Choices:

  • false ← (default)

  • true

edpm_sshd_message_of_the_day

string

Default: ""

edpm_sshd_motd_enabled

boolean

Choices:

  • false ← (default)

  • true

edpm_sshd_password_authentication

boolean

Enable password authentication?

Choices:

  • false ← (default)

  • true

edpm_sshd_server_options

dictionary

Dictionary of settings for the sshd server, including the location of key files, the location of authorized key files, forwarding, accepted environment settings, and the usage of DNS, PAM and GSSAPI.

Default: {"AcceptEnv": ["LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", "LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", "LC_IDENTIFICATION LC_ALL LANGUAGE", "XMODIFIERS"], "AuthorizedKeysFile": ".ssh/authorized_keys", "ChallengeResponseAuthentication": "no", "GSSAPIAuthentication": "no", "GSSAPICleanupCredentials": "no", "HostKey": ["/etc/ssh/ssh_host_rsa_key", "/etc/ssh/ssh_host_ecdsa_key", "/etc/ssh/ssh_host_ed25519_key"], "Subsystem": "sftp /usr/libexec/openssh/sftp-server", "SyslogFacility": "AUTHPRIV", "UseDNS": "no", "UsePAM": "yes", "X11Forwarding": "yes"}
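
The port relationship described for edpm_sshd_firewall_port, shown as a playbook that checks both settings agree before the role runs. This is an added example, not taken from the role's own code or documentation; the inventory group, port 2222 and address ranges are constructed, and it assumes CIDR notation is accepted for the ranges and that overriding edpm_sshd_server_options replaces the whole default dictionary.

```yaml
# Added example, not from the edpm_sshd project.
# Constructed values: the edpm_nodes group, port 2222, the two CIDR ranges.
- name: Run sshd on a non-default port with a matching firewall rule
  hosts: edpm_nodes                      # hypothetical inventory group
  become: true
  vars:
    edpm_sshd_password_authentication: false
    edpm_sshd_gssapi_authentication: false
    edpm_sshd_configure_firewall: true
    edpm_sshd_firewall_port: 2222        # must equal Port below
    edpm_sshd_allowed_ranges:            # assumption: CIDR notation is accepted
      - 192.0.2.0/24
      - 198.51.100.0/24
    # Assumption: overriding this variable replaces the whole default
    # dictionary, so the documented defaults are restated in full.
    edpm_sshd_server_options:
      Port: 2222
      HostKey:
        - /etc/ssh/ssh_host_rsa_key
        - /etc/ssh/ssh_host_ecdsa_key
        - /etc/ssh/ssh_host_ed25519_key
      SyslogFacility: AUTHPRIV
      AuthorizedKeysFile: .ssh/authorized_keys
      # Quote yes/no so YAML keeps them as strings, as in the default.
      ChallengeResponseAuthentication: "no"
      GSSAPIAuthentication: "no"
      GSSAPICleanupCredentials: "no"
      UsePAM: "yes"
      UseDNS: "no"
      X11Forwarding: "no"                # documented default is "yes"
      AcceptEnv:
        - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
        - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
        - LC_IDENTIFICATION LC_ALL LANGUAGE
        - XMODIFIERS
      Subsystem: sftp /usr/libexec/openssh/sftp-server
  tasks:
    - name: Stop before any change if the two port settings disagree
      ansible.builtin.assert:
        that:
          - "(edpm_sshd_server_options.Port | default(22) | int) == (edpm_sshd_firewall_port | int)"
        fail_msg: "sshd Port and edpm_sshd_firewall_port differ"

    - name: Apply the sshd role
      ansible.builtin.include_role:
        name: osp.edpm.edpm_sshd
```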