path: root/roles/sshd/README
blob: 570f742ce9da2c6661f4c32ee7a81a1734cb6542 (plain)
This role, sshd, configures an SSH server on Debian. Specifically, it
may:

- set host key and certificate
- set user CA
- set port on which server listens

To use it, define the variables below:

- `sshd_version`---must match the current version for the role
- `sshd_host_key` and `sshd_host_cert`---the host key and
  corresponding certificate
  - note that you must define both for either to work
  - rationale: there's little point in just setting the host key, as
    it will still force people to accept it the first time; a host
    certificate removes that need and allows the key to change at will
- `sshd_port`---the port where the SSH server should listen
  - rationale: on public-facing servers, the default port gets tons of
    login attempts by attackers trying to guess passwords
- `ssh_user_ca_pub`---the public keys of the SSH CAs trusted to
  certify users
  - rationale: using a user CA removes the need to maintain, or have,
    `authorized_keys` files
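
Added example (not part of this role's code): a Python check over a rendered
sshd_config for the settings listed above. It assumes the role's variables end
up as OpenSSH's `HostKey`, `HostCertificate`, `TrustedUserCAKeys` and `Port`
directives; the sample configs and file paths are constructed.

```python
import re

DEFAULT_PORT = 22
# sshd accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse_global(text):
    """Return {keyword: [values]} for directives before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        m = DIRECTIVE.match(raw.strip())
        if not m:                      # blank line, comment, or bare keyword
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":             # settings after Match apply conditionally
            break
        opts.setdefault(key, []).append(value)
    return opts

def audit(text):
    """List findings for host key/certificate pairing, user CA and port."""
    opts = parse_global(text)
    keys, certs = opts.get("hostkey", []), opts.get("hostcertificate", [])
    cas = opts.get("trustedusercakeys", [])
    # Ports given via ListenAddress are not considered here.
    ports = [int(p) for p in opts.get("port", [])] or [DEFAULT_PORT]
    findings = []
    if keys and not certs:
        findings.append("HostKey without HostCertificate: clients must still "
                        "accept the key on first use")
    if certs and not keys:
        findings.append("HostCertificate without an explicit HostKey")
    if not cas or cas[0].lower() == "none":
        findings.append("no global TrustedUserCAKeys: user certificates are not accepted")
    if DEFAULT_PORT in ports:
        findings.append("listening on default port 22")
    return findings

# Constructed samples: what a fully configured host might render, and a weak one.
GOOD = """# constructed sample
Port 2222
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
TrustedUserCAKeys /etc/ssh/user_ca.pub
"""
WEAK = """hostkey=/etc/ssh/ssh_host_ed25519_key
Match User deploy
    TrustedUserCAKeys /etc/ssh/user_ca.pub
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(cfg))
```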