From c099004b983699c23b2ee21c298c68f4f2309c9b Mon Sep 17 00:00:00 2001
From: Alex Waite <alex@waite.eu>
Date: Thu, 14 May 2020 16:21:41 +0200
Subject: [PATCH] make ssh client-side compression configurable

Signed-off-by: Alex Waite <alex@waite.eu>
---
 README.md                 | 3 ++-
 defaults/main.yml         | 1 +
 templates/openssh.conf.j2 | 3 +--
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index cd61aec..b0f779f 100644
--- a/README.md
+++ b/README.md
@@ -59,7 +59,8 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_banner` | `false` | `true` to print a banner on login |
 |`ssh_client_hardening` | `true` | `false` to stop harden the client |
 |`ssh_client_port` | `'22'` | Specifies the port number to connect on the remote host. |
-|`ssh_compression` | `false` | Specifies whether compression is enabled after the user has authenticated successfully. |
+|`ssh_client_compression` | `false` | Specifies whether the client requests compression. |
+|`ssh_compression` | `false` | Specifies whether server-side compression is enabled after the user has authenticated successfully. |
 |`ssh_max_auth_retries` | `2` | Specifies the maximum number of authentication attempts permitted per connection. |
 |`ssh_print_debian_banner` | `false` | `true` to print debian specific banner |
 |`ssh_server_enabled` | `true` | `false` to disable the opensshd server |
diff --git a/defaults/main.yml b/defaults/main.yml
index 865bf18..f24ccaf 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,6 +8,7 @@ ssh_server_enabled: true               # sshd
 ssh_use_dns: false                      # sshd
 
 # true or value if compression is needed
+ssh_client_compression: false           # ssh
 ssh_compression: false                  # sshd
 
 # For which components (client and server) to generate the configuration for. Can be useful when running against a client without an SSH server.
diff --git a/templates/openssh.conf.j2 b/templates/openssh.conf.j2
index 106b887..ec0a714 100644
--- a/templates/openssh.conf.j2
+++ b/templates/openssh.conf.j2
@@ -113,8 +113,7 @@ PermitLocalCommand no
 # Misc. configuration
 # ===================
 
-# Enable compression. More pressure on the CPU, less on the network.
-Compression yes
+Compression {{ 'yes' if (ssh_client_compression|bool) else 'no' }}
 
 #EscapeChar ~
 #VisualHostKey yes