Role - tripleo-sshd

Role Documentation

Welcome to the “tripleo-sshd” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo-sshd” role.

tripleo_sshd_banner_enabled: false
tripleo_sshd_motd_enabled: false
tripleo_sshd_package_state: present
tripleo_sshd_password_authentication: 'no'
tripleo_sshd_server_options:
  AcceptEnv:
  - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  - LC_IDENTIFICATION LC_ALL LANGUAGE
  - XMODIFIERS
  AuthorizedKeysFile: .ssh/authorized_keys
  ChallengeResponseAuthentication: 'no'
  GSSAPIAuthentication: 'yes'
  GSSAPICleanupCredentials: 'no'
  HostKey:
  - /etc/ssh/ssh_host_rsa_key
  - /etc/ssh/ssh_host_ecdsa_key
  - /etc/ssh/ssh_host_ed25519_key
  Subsystem: sftp /usr/libexec/openssh/sftp-server
  SyslogFacility: AUTHPRIV
  UseDNS: 'no'
  UsePAM: 'yes'
  X11Forwarding: 'yes'

Role Variables: main.yml

tripleo_sshd_banner_text: '******************************************************************

  * This system is for the use of authorized users only. Usage of  *

  * this system may be monitored and recorded by system personnel. *

  * Anyone using this system expressly consents to such monitoring *

  * and is advised that if such monitoring reveals possible        *

  * evidence of criminal activity, system personnel may provide    *

  * the evidence from such monitoring to law enforcement officials.*

  ******************************************************************

  '
tripleo_sshd_message_of_the_day: 'ALERT! You are entering into a secured area!

  This service is restricted to authorized users only.

  '

Role Variables: redhat.yml

tripleo_sshd_packages:
- openssh-server

Molecule Scenarios

Molecule is being used to test the “tripleo-sshd” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Driver: docker
Example default playbook
- hosts: all
  name: Converge
  roles:
  - name: tripleo-sshd

Scenario: banners

Driver: docker
Example banners playbook
- hosts: all
  name: Converge
  roles:
  - name: tripleo-sshd
    tripleo_sshd_banner_enabled: true
    tripleo_sshd_motd_enabled: true