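# Managed by Ansible — do not edit manually
# sshd_config template rendered by Ansible. Every templated value below must
# render as a literal sshd keyword argument: define yes/no variables as quoted
# strings, because a bare YAML yes/no is a boolean and renders as True/False,
# which sshd rejects. Running "sshd -t -f %s" through the template task's
# validate option catches a bad render before it replaces the live file.

Port {{ sshd_port }}
AddressFamily inet
# Listens on every IPv4 interface; exposure has to be limited elsewhere
# (firewall, security group) if SSH should not be reachable from all networks.
ListenAddress 0.0.0.0

# Authentication
# PermitRootLogin accepts yes, prohibit-password, forced-commands-only or no.
PermitRootLogin {{ sshd_permit_root_login }}
PasswordAuthentication {{ sshd_password_authentication }}
PubkeyAuthentication {{ sshd_pubkey_authentication }}
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
# Keep this at "no": with UsePAM enabled, keyboard-interactive authentication
# can prompt for a password through PAM even when PasswordAuthentication is no.
# Newer OpenSSH releases treat this keyword as a deprecated alias of
# KbdInteractiveAuthentication.
ChallengeResponseAuthentication no
UsePAM yes

# Forwarding
# Agent and TCP forwarding are fixed off; only X11 forwarding is configurable.
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding {{ sshd_x11_forwarding }}
PrintMotd no

# Timeouts and limits
# LoginGraceTime is in seconds; unauthenticated connections are dropped after it.
LoginGraceTime 30
MaxAuthTries {{ sshd_max_auth_tries }}
MaxSessions 5
# An unresponsive client is disconnected after roughly
# ClientAliveInterval * ClientAliveCountMax seconds.
ClientAliveInterval {{ sshd_client_alive_interval }}
ClientAliveCountMax {{ sshd_client_alive_count_max }}

# Subsystems
# Debian/Ubuntu path for sftp-server; other distributions install it elsewhere.
Subsystem sftp /usr/lib/openssh/sftp-server

# Only allow the deploy user
# Every other account, root included, is refused regardless of the settings
# above. deploy_user must be non-empty and must already have a working
# authorized key, otherwise applying this file locks out SSH access.
AllowUsers {{ deploy_user }}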