foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sshd: Remove some unused and potentially dangerous features

Browse source
This commit is contained in:
Timo Makinen 2021-03-17 05:20:41 +00:00
parent 282fbcb932
commit a745cdb3ee
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/sshd/tasks/main.yml
View file

@ -1,6 +1,20 @@
--- ---
- name: disable AllowAgentForwarding
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?AllowAgentForwarding'
line: 'AllowAgentForwarding no'
validate: "sshd -t -f %s"
notify: restart sshd
- name: disable ChallengeResponseAuthentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?ChallengeResponseAuthentication'
line: 'ChallengeResponseAuthentication no'
validate: "sshd -t -f %s"
notify: restart sshd
# based on mozilla recommended settings # based on mozilla recommended settings
# https://infosec.mozilla.org/guidelines/openssh.html # https://infosec.mozilla.org/guidelines/openssh.html