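#jinja2: lstrip_blocks: True
# {{ ansible_managed }}
#
# sshd_config template: key-only logins for an explicit list of accounts,
# no root login, no forwarding, and a pinned set of crypto algorithms.
# Expects the variable ssh_users: a list of items that each carry a "name".

# Authentication: public keys only. PAM stays enabled for account and session
# handling, while password and challenge-response logins are switched off.
# NOTE(review): newer OpenSSH releases treat ChallengeResponseAuthentication as
# a deprecated alias of KbdInteractiveAuthentication - confirm against the
# oldest sshd version this template is deployed to before renaming it.
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication no
PermitRootLogin no

# Allow specific users only
# Names are inserted unescaped and sshd reads every entry as a pattern
# (wildcards, USER@HOST), so ssh_users should come from trusted inventory only.
# An empty ssh_users list renders this directive without arguments; run the
# template task with validate set to "sshd -t -f %s" so a broken file is
# rejected before it replaces the live configuration.
AllowUsers {{ ssh_users | map(attribute='name') | join(' ') }}

# Security and general settings
LoginGraceTime 2m
ClientAliveInterval 600
StrictModes yes
AllowTcpForwarding no
AllowStreamLocalForwarding no
X11Forwarding no

## Ciphers (01.2024, ssh-audit and https://www.ssh.com/academy/ssh/sshd_config#cryptographic-policy)
# Encryption algorithms (ciphers)
Ciphers aes256-ctr,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
# Host-key algorithms
# ssh-dss is no longer offered: DSA host keys are limited to 1024 bits with
# SHA-1, and OpenSSH has disabled them by default since 7.0.
HostKeyAlgorithms rsa-sha2-256,rsa-sha2-512,ssh-ed25519
# Key exchange algorithms
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
# Message authentication code (MAC) algorithms
MACs hmac-sha2-512,hmac-sha2-256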