feat(ssh): allow configuring MaxStartups

2024-09-20 06:11:58 +00:00 · 2024-02-29 15:22:53 +01:00 · 2024-02-29 15:22:53 +01:00 · b4c259dd1d
commit b4c259dd1d
parent f204f3036b
1 changed files with 18 additions and 0 deletions
--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@ -66,6 +66,24 @@
  notify: "reload sshd"
  tags: ["prepare", "prepare-sshd"]

+- name: "Set maximum number of concurrent unauthenticated connections"
+  ansible.builtin.lineinfile:
+    <<: *sshd_config_args
+    regexp: "^#?MaxStartups"
+    line: "MaxStartups {{ sshd_config_max_startups }}"
+  when: "sshd_config_max_startups is defined"
+  notify: "reload sshd"
+  tags: ["prepare", "prepare-sshd"]
+
+- name: "Unset maximum number of concurrent unauthenticated connections"
+  ansible.builtin.lineinfile:
+    <<: *sshd_config_args
+    regexp: "^#?MaxStartups"
+    line: "#MaxStartups 10:30:100"
+  when: "sshd_config_max_startups is not defined"
+  notify: "reload sshd"
+  tags: ["prepare", "prepare-sshd"]
+
 - name: "Only allow SSHv2"
  ansible.builtin.lineinfile:
    <<: *sshd_config_args