28 lines
687 B
Django/Jinja
28 lines
687 B
Django/Jinja
# -*-conf-space-*-
|
|
|
|
# Include drop-in configs
|
|
Include /etc/ssh/sshd_config.d/*.conf
|
|
|
|
Port {{ ssh_port|default(22) }}
|
|
# If this is initial setup of a container (where we log in as root, so become is disabled),
|
|
# leave root login enabled so we can finish deploying everything. Otherwise, disable it.
|
|
PermitRootLogin {{ ansible_become|default(false) | ternary("yes", "no") }}
|
|
PubkeyAuthentication yes
|
|
PasswordAuthentication no
|
|
|
|
KbdInteractiveAuthentication no
|
|
|
|
UsePAM yes
|
|
|
|
AllowAgentForwarding yes
|
|
X11Forwarding yes
|
|
GatewayPorts yes
|
|
PrintMotd no
|
|
PrintLastLog yes
|
|
TCPKeepAlive yes
|
|
ClientAliveInterval 30
|
|
ClientAliveCountMax 3
|
|
|
|
AcceptEnv LANG LC_*
|
|
Subsystem sftp /usr/lib/openssh/sftp-server
|