ansible-roles/roles/ssh/defaults/main.yml

---

# List of port sshd will listen on
sshd_ports:
  - 22

# Will restrict ssh access to the following IP/CIDR (only if iptables_manage == True)
sshd_src_ip:
  - 0.0.0.0/0

# sshd_src_ip:
#  - 12.13.14.15
#  - 192.168.17.0/24

# Allow the root user to login
sshd_permit_root_login: False
# Allow password authentication
sshd_password_auth: True

# Control the AllowUsers, DenyUsers, AllowGroups and DenyGroups
# sshd_allow_users:
#   - xavier
#   - dani@EXAMPLE.ORG
# sshd_deny_users:
#   - dimitri
#   - flo
# sshd_allow_groups:
#   - tech
#   - support@EXAMPLE.ORG
# sshd_deny_groups:
#   - sales
#   - interim@EXAMPLE.ORG
#
#

# User configuration
ssh_users: []
#ssh_users:
#  - name: dani
#    create_user: False
#    ssh_keys:
#      - 'ssh-rsa AAAAB3NzaC1yc2...'
#      - 'ssh-rsa AAAAB3NzaC1yc2...'
#    keys_exclusive: True
#    keys_file: %h/.ssh/authorized_keys
#    key_options:
#      - from="192.168.3.7"
#      - no-pty
#    sftp_only: True
#    chroot: /var/www/html
#    allow_forwarding: False
#    sudo_defaults:
#      - '!env_reset'
#      - '!requiretty'
#    sudo:
#      - cmd:
#        - /usr/local/bin/
#        run_as: root
#        nopasswd: False
#
#ssh_extra_users (can be used as ssh_users, both will be merged)
#  
#
# Max number of conn / minute. 0 to disable rate limit
sshd_max_conn_per_minute: 0

# Authorized Keys custom command
# sshd_authorized_keys_command: /usr/local/bin/ssh-getkeys
# sshd_authorized_keys_command_user: ldapsshkey

# Use DNS. If disabled, kerb auth won't be used (as it uses DNS)
# You might need to disable it when you need no SSH login delay even if DNS is unavailable
sshd_use_dns: True

# List of users for which no management of the SSH keys will be done by ansible (they will
# be able to set their own ~/.ssh/authorized_keys)
ssh_local_users: []

# Optional list of custom sshd_config options
sshd_custom_options: {}