mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-14 02:47:06 +00:00
ssh: explicitly enable or disable the service at boot (#771)
Signed-off-by: Sevan Murriguian-Watrin <git@byh0ki.fr>
This commit is contained in:
parent
19ca997bd6
commit
b0488e86d4
2 changed files with 9 additions and 1 deletions
|
@ -6,9 +6,12 @@ network_ipv6_enable: true # sshd + ssh
|
||||||
ssh_client_config_file: /etc/ssh/ssh_config # ssh
|
ssh_client_config_file: /etc/ssh/ssh_config # ssh
|
||||||
ssh_server_config_file: /etc/ssh/sshd_config # sshd
|
ssh_server_config_file: /etc/ssh/sshd_config # sshd
|
||||||
|
|
||||||
# true if sshd should be started and enabled
|
# true if sshd should be started
|
||||||
ssh_server_enabled: true # sshd
|
ssh_server_enabled: true # sshd
|
||||||
|
|
||||||
|
# true if sshd should be enabled at boot
|
||||||
|
ssh_server_service_enabled: true # sshd
|
||||||
|
|
||||||
# true if DNS resolutions are needed, look up the remote host name,
|
# true if DNS resolutions are needed, look up the remote host name,
|
||||||
# defaults to false from 6.8, see: http://www.openssh.com/txt/release-6.8
|
# defaults to false from 6.8, see: http://www.openssh.com/txt/release-6.8
|
||||||
ssh_use_dns: false # sshd
|
ssh_use_dns: false # sshd
|
||||||
|
|
|
@ -144,3 +144,8 @@
|
||||||
when:
|
when:
|
||||||
- sshd_disable_crypto_policy | bool
|
- sshd_disable_crypto_policy | bool
|
||||||
- ('crypto-policies' in ansible_facts.packages)
|
- ('crypto-policies' in ansible_facts.packages)
|
||||||
|
|
||||||
|
- name: Enable or disable sshd service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: "{{ sshd_service_name }}"
|
||||||
|
enabled: "{{ ssh_server_service_enabled }}"
|
||||||
|
|
Loading…
Reference in a new issue