31 lines
942 B
Django/Jinja
31 lines
942 B
Django/Jinja
# {{ ansible_managed }}
|
|
# See the sshd_config(5) manpage for details
|
|
|
|
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
AcceptEnv XMODIFIERS
|
|
|
|
# Supported HostKey algorithms by order of preference.
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
HostKey /etc/ssh/ssh_host_rsa_key
|
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
|
|
|
# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
|
|
LogLevel VERBOSE
|
|
|
|
# We need sftp and logging
|
|
Subsystem sftp internal-sftp -f AUTH -l INFO
|
|
|
|
{% for i in ssh.config_override|d({}) %}
|
|
{{ i }} {{ ssh.config_override[i] }}
|
|
{% endfor %}
|
|
|
|
# add special rules for users defined in host variables
|
|
|
|
{% for i in ssh.user %}
|
|
Match User {{ i }}
|
|
{% for j in ssh.user[i]|d({}) %}
|
|
{{ j }} {{ ssh.user[i][j] }}
|
|
{% endfor %}
|
|
{% endfor %}
|