This role manages the installation and configuration of openssh-server. It can also generate host keys, a capability intended for use in post-VM-clone configuration.
- Requirements
- Dependencies
- Role Variables
- Example Playbook
- Testing and Contributing
- License
- Author Information
Requirements
None
Dependencies
None
Role Variables
General Usage
The ssh-server role is quite simple. The `sshd_config` file is populated with the values in the `ssh_server_config` variable. The default configuration for this hash can be found in the OS-specific vars file (`vars/<distrib_name>_<major_version>.yml`). Values are merged, with user-supplied elements taking precedence over the defaults even though the defaults are added during role execution.
NOTE:
- ALL variable names should be lowercase.
- Ansible treats `yes` and `no` as boolean `true`/`false`. These variables MUST be quoted to be passed as `yes` and `no` in the `sshd_config` file.
Similar to the `sshd_config` file, any key-value pair variables supplied via the `ssh_server_env` hash will be added to the distribution-specific env file. These variables ARE case sensitive and should be set appropriately.
Host Keys
Host keys can be regenerated by setting `ssh_server_gen_keys` to `true` and providing some details via the `ssh_server_keys` variable. NOTE: This is not an idempotent action. It is ideal to run once after, say, cloning a virtual machine, as part of initial host bootstrapping.

`ssh_server_keys` is an array of hashes with the following schema:
```yaml
path: <required>
cipher: <required>
bits: <required>
args: <optional>
owner: root
group: <os specific>
mode: <os specific>
pub_key:
  owner: root
  group: root
  mode: 0644
```
Only the `path`, `cipher`, and `bits` are required, and `args` will pass any additional parameters to `ssh-keygen`. The other fields will be populated with the OS-specific defaults, and the path of the pubkey will be the same as the generated key with the added extension of `.pub`. To view the OS-specific defaults, please see the different distribution files in the `vars` directory.
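
A check that complements the regeneration step above, as an added example that is not part of this role: it groups hosts by OpenSSH SHA256 host key fingerprint to find cloned machines that still share a key and so still need one run with `ssh_server_gen_keys` enabled. The host names and key blobs are constructed sample data, and the input is assumed to use the `host keytype base64-blob` line layout of `ssh-keyscan` output.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_lines):
    """Return {fingerprint: [hosts]} for keys presented by more than one host.
    Lines use the `host keytype base64-blob` layout of ssh-keyscan output and
    unhashed known_hosts entries; comments, hashed and marker lines are skipped.
    """
    hosts_by_fp = defaultdict(set)
    for line in scan_lines:
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "|", "@")):
            continue
        host, _keytype, blob = fields[:3]
        try:
            hosts_by_fp[fingerprint(blob)].add(host)
        except ValueError:  # malformed base64, so not a key line
            continue
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


def constructed_key(seed):
    """Build a fake ssh-ed25519 public key blob (SSH wire format) for the demo."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(blob).decode()


# Constructed sample: web02 and web03 still present their template's host key.
TEMPLATE_KEY = constructed_key(0x11)
SAMPLE_SCAN = [
    "# constructed ssh-keyscan style output",
    f"web01 ssh-ed25519 {constructed_key(0x22)}",
    f"web02 ssh-ed25519 {TEMPLATE_KEY}",
    f"web03 ssh-ed25519 {TEMPLATE_KEY}",
]

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} shared by {', '.join(hosts)}: regenerate host keys")
```

Any host reported here is a candidate for a single run of the role with host key generation enabled; clients that already trust the old key will need their `known_hosts` entries updated afterwards.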
Variable Name | Default | Description |
---|---|---|
`external_dependency_delay` | `20` | The time in seconds between external dependency retries (repos, keyservers, etc.). |
`external_dependency_retries` | `6` | The number of retries to attempt accessing an external dependency. |
Variable Name | Default | Description |
---|---|---|
`ssh_server_version` | - | The version of the openssh-server to install. |
`ssh_server_config` | `<os specific hash>` | Hash containing key-value mappings of variables in `sshd_config`. NOTE: ALL key names should be lowercase. |
`ssh_server_config_file` | `<os specific hash>` | Hash containing `path`, `owner`, `group`, and `mode` for the `sshd_config` file. |
`ssh_server_env` | `<os specific hash>` | Hash of key-value pairs that will be passed as environment variables to the ssh server daemon. |
`ssh_server_env_file` | `<os specific hash>` | Hash containing `path`, `owner`, `group`, and `mode` for the ssh-server environment variable config. |
Testing and Contributing
Please see the CONTRIBUTING.md document in the repo.
Example Playbook
```yaml
---
# Basic usage: set the listening port and the host keys sshd should load.
- name: ssh_server
  hosts: ssh_servers
  connection: local
  gather_facts: true
  roles:
    - ssh-server
  vars:
    ssh_server_config:
      port: 22
      hostkey:
        - /etc/ssh/ssh_host_rsa_key
        - /etc/ssh/ssh_host_ecdsa_key
        - /etc/ssh/ssh_host_ed25519_key
```
```yaml
---
# Host key regeneration: not idempotent, so run once (e.g. after cloning a VM).
- name: ssh_server
  hosts: ssh_servers
  connection: local
  gather_facts: true
  roles:
    - ssh-server
  vars:
    ssh_server_gen_keys: true
    # Each entry requires path, cipher and bits; other fields use OS defaults.
    ssh_server_keys:
      - path: /etc/ssh/ssh_host_rsa_key
        cipher: rsa
        bits: 2048
      - path: /etc/ssh/ssh_host_ecdsa_key
        cipher: ecdsa
        bits: 256
      - path: /etc/ssh/ssh_host_ed25519_key
        cipher: ed25519
        bits: 256
    ssh_server_config:
      hostkey:
        - /etc/ssh/ssh_host_rsa_key
        - /etc/ssh/ssh_host_ecdsa_key
        - /etc/ssh/ssh_host_ed25519_key
```
License
MIT
Author Information
Created by Bob Killen, maintained by the Department of Advanced Research Computing and Technical Services of the University of Michigan.