Galaxy
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Documentation
  2. /
  3. Roles
  4. /
  5. System
  6. /
  7. sshd

sshd

Source Code Build Status License: MIT

Configure sshd server.

Default Variables

sshd_allow_agent_forwarding

Default value 

sshd_allow_agent_forwarding: no

sshd_allow_groups

Default value 

sshd_allow_groups: []

sshd_allow_tcp_forwarding

Default value 

sshd_allow_tcp_forwarding: yes

sshd_challenge_response_authentication

If you disable password auth you should disable ChallengeResponseAuth also.

Default value 

sshd_challenge_response_authentication: no

sshd_ciphers

Default value 

sshd_ciphers:
  - chacha20-poly1305@openssh.com
  - aes256-gcm@openssh.com
  - aes128-gcm@openssh.com
  - aes256-ctr
  - aes192-ctr
  - aes128-ctr

sshd_client_alive_count_max

Default value 

sshd_client_alive_count_max: 0

sshd_client_alive_interval

Default value 

sshd_client_alive_interval: 900

sshd_compression

Default value 

sshd_compression: delayed

sshd_crypto_policy_enabled

Default value 

sshd_crypto_policy_enabled: true

sshd_google_auth_enabled

Google Authenticator required ChallengeResponseAuth!

Default value 

sshd_google_auth_enabled: false

sshd_google_auth_exclude_group

Exclude a group from 2FA auth

Default value 

sshd_google_auth_exclude_group: _unset_

Example usage 

sshd_google_auth_exclude_group: my_group

sshd_gssapi_authentication

Default value 

sshd_gssapi_authentication: no

sshd_hostbased_authentication

Default value 

sshd_hostbased_authentication: no

sshd_ignore_rhosts

Default value 

sshd_ignore_rhosts: yes

sshd_kex

Default value 

sshd_kex:
  - curve25519-sha256@libssh.org
  - diffie-hellman-group-exchange-sha256

sshd_log_level

Default value 

sshd_log_level: INFO

sshd_login_grace_time

Default value 

sshd_login_grace_time: 60

sshd_macs

Default value 

sshd_macs:
  - hmac-sha2-512-etm@openssh.com
  - hmac-sha2-256-etm@openssh.com
  - umac-128-etm@openssh.com
  - hmac-sha2-512
  - hmac-sha2-256
  - umac-128@openssh.com

sshd_max_auth_tries

Default value 

sshd_max_auth_tries: 6

sshd_max_sessions

Default value 

sshd_max_sessions: 10

sshd_max_startups

Default value 

sshd_max_startups: 10:30:60

sshd_moduli_minimum

Default value 

sshd_moduli_minimum: 2048

sshd_password_authentication

Default value 

sshd_password_authentication: no

sshd_permit_empty_passwords

Default value 

sshd_permit_empty_passwords: no

sshd_permit_root_login

Default value 

sshd_permit_root_login: yes

sshd_protocol

Default value 

sshd_protocol: 2

sshd_strict_modes

Default value 

sshd_strict_modes: yes

sshd_tcp_keep_alive

Default value 

sshd_tcp_keep_alive: yes

sshd_use_dns

Default value 

sshd_use_dns: no

sshd_x11_forwarding

Default value 

sshd_x11_forwarding: yes

Dependencies

None.