Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- name "openssh-ubuntu"
- description "Sets up OpenSSH using my preferred generic settings on Ubuntu nodes"
- default_attributes(
- "openssh" => {
- "server" => {
- "port" => "22",
- "protocol" => "2",
- "address_family" => "any",
- "listen_address" => ["0.0.0.0", "::"],
- "challenge_response_authentication" => "no",
- "ciphers" => "aes256-ctr,aes256-gcm@openssh.com,aes192-ctr,aes128-ctr,aes128-gcm@openssh.com",
- "client_alive_interval" => "15",
- "client_alive_count_max" => "3",
- "compression" => "yes",
- "gateway_ports" => "no",
- "gssapi_authentication" => "no",
- "gssapi_clean_up_credentials" => "yes",
- "host_based_authentication" => "no",
- "ignore_rhosts" => "yes",
- "log_level" => "INFO",
- "login_grace_time" => "50s",
- "m_a_cs" => "hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-512",
- "max_auth_tries" => "6",
- "max_startups" => "10",
- "password_authentication" => "no",
- "permit_empty_passwords" => "no",
- "permit_root_login" => "no",
- "permit_tunnel" => "no",
- "permit_user_environment" => "no",
- "print_lastlog" => "yes",
- "print_motd" => "no",
- "pubkey_authentication" => "yes",
- "rsa_authentication" => "yes",
- "strict_modes" => "yes",
- "syslog_facility" => "AUTHPRIV",
- "use_dns" => "no",
- "use_login" => "no",
- "use_p_a_m" => "yes",
- "use_privilege_separation" => "yes",
- "x11_forwarding" => "no"
- }
- }
- )
- run_list "recipe[openssh]"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement