Giter VIP home page Giter VIP logo

ssh-1's Introduction

ssh

CI Testing

An Ansible role for managing ssh clients configuration.

Requirements

This role should work on any system that provides openssh client and is supported by ansible. The role was tested on:

  • RHEL/CentOS 6, 7, 8
  • Fedora 32, 33
  • Debian
  • Ubuntu

Role Variables

By default, the role should not modify the system configuration and generate global ssh_config that matches OS default (the generated configuration does not keep comments and order of the options).

  • ssh_user:

By default (null) the role will modify the global configuration for all users. Other values will be interpreted as a username and the role will modify per-user configuration stored under ~/.ssh/config of the given user. The user needs to exist before invoking this role otherwise it will fail.

  • ssh_skip_defaults:

By default (auto), the role writes the system-wide configuration file /etc/ssh/ssh_config and keeps OS defaults defined there (true). This is automatically disabled, when a drop-in configuration file is created (ssh_drop_in_name!=null) or when per-user configuration file is created (ssh_user!=null).

  • ssh_drop_in_name:

This defines the name for the drop-in configuration file to be placed in system-wide drop-in directory. The name is used in the template defined by (by default /etc/ssh/ssh_config.d/{name}.conf) to reference the configuration file to be modified. If the system does not support drop-in directory, setting this option will make the play fail. Default is null if the system does not support drop in directory and 00-ansible otherwise.

The suggested format is NN-name, where NN is two-digit number used for sorting the and name is any descriptive name for the content or the owner of the file.

  • ssh:

A dict containing configuration options and respective values. See example below.

  • ssh_...:

Simple variables consisting of the option name prefixed with ssh_ can be used rather than a dict above. The simple variable overrides values in dict above.

  • ssh_additional_packages:

This role automatically installs packages needed for most common use cases on given platform. If some additional packages need to be installed (for example openssh-keysign for host-based authentication), they can be specified in this variable.

  • ssh_config_file:

The configuration file that will be written by this role. The default is defined by template /etc/ssh/ssh_config.d/{name}.conf if system has drop-in directory or /etc/ssh/ssh_config otherwise. If ssh_user!=null, the default is ~/.ssh/config.

  • ssh_config_owner, ssh_config_group, ssh_config_mode:

The owner, group and mode of the created configuration file. The files are owned by root:root with mode 0644 by default, unless ssh_user!=null. In that case, the mode is 0600 and owner and group are derived from username given in ssh_user variable.

Dependencies

none

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: all
  tasks:
  - name: "Configure ssh clients"
    include_role:
      name: linux-system-roles.ssh
    vars:
      ssh_user: root
      ssh:
        Compression: true
        GSSAPIAuthentication: no
        ControlMaster: auto
        ControlPath: ~/.ssh/.cm%C
        Match:
          - Condition: "final all"
            GSSAPIAuthentication: yes
        Host:
          - Condition: example
            Hostname: example.com
            User: somebody
      ssh_ForwardX11: no

More examples can be provided in the examples/ directory. These can be useful especially for documentation.

License

LGPLv3, see the file LICENSE for more information.

Author Information

Jakub Jelen, 2021

ssh-1's People

Contributors

jakuje avatar nhosoi avatar richm avatar

Watchers

 avatar  avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.