diff --git a/README.md b/README.md index ca2fa2e..cacd0dd 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ Warning: This role disables root-login on the target server! Please make sure yo |`ssh_allow_tcp_forwarding` | no | `'no'` to disable TCP Forwarding. Set to `'yes'` to allow TCP Forwarding. If you are using OpenSSH >= 6.2 version, you can specify `'yes'`, `'no'`, `'all'` or `'local'`.
*Note*: values passed to this variable must be strings, thus values `'yes'` and `'no'` should be passed with quotes. | |`ssh_gateway_ports` | `false` | `false` to disable binding forwarded ports to non-loopback addresses. Set to `true` to force binding on wildcard address. Set to `clientspecified` to allow the client to specify which address to bind to.| |`ssh_allow_agent_forwarding` | false | false to disable Agent Forwarding. Set to true to allow Agent Forwarding.| +|`ssh_x11_forwarding` | false | false to disable X11 Forwarding. Set to true to allow X11 Forwarding.| |`ssh_pam_support` | true | true if SSH has PAM support.| |`ssh_use_pam` | true | false to disable pam authentication.| |`ssh_gssapi_support` | false | true if SSH has GSSAPI support.| @@ -61,7 +62,7 @@ Warning: This role disables root-login on the target server! Please make sure yo |`ssh_client_port` | `'22'` | Specifies the port number to connect on the remote host. | |`ssh_client_compression` | `false` | Specifies whether the client requests compression. | |`ssh_compression` | `false` | Specifies whether server-side compression is enabled after the user has authenticated successfully. | -|`ssh_login_grace_time` | `30s` | specifies the time allowed for successful authentication to the SSH server | +|`ssh_login_grace_time` | `30s` | specifies the time allowed for successful authentication to the SSH server | |`ssh_max_auth_retries` | `2` | Specifies the maximum number of authentication attempts permitted per connection. | |`ssh_max_sessions` | `10` | Specifies the maximum number of open sessions permitted from a given connection. | |`ssh_print_debian_banner` | `false` | `true` to print debian specific banner | diff --git a/defaults/main.yml b/defaults/main.yml index 65e191b..8d080f4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -71,6 +71,9 @@ ssh_gateway_ports: false # sshd # false to disable Agent Forwarding. Set to true to allow Agent Forwarding. ssh_allow_agent_forwarding: false # sshd +# false to disable X11 Forwarding. Set to true to allow X11 Forwarding. +ssh_x11_forwarding: false # sshd + # true if SSH has PAM support ssh_pam_support: true diff --git a/templates/opensshd.conf.j2 b/templates/opensshd.conf.j2 index d8dd556..6afa6ef 100644 --- a/templates/opensshd.conf.j2 +++ b/templates/opensshd.conf.j2 @@ -206,7 +206,7 @@ GatewayPorts no {% endif %} # Disable X11 forwarding, since local X11 display could be accessed through forwarded connection. -X11Forwarding no +X11Forwarding {{ 'yes' if (ssh_x11_forwarding|bool) else 'no' }} X11UseLocalhost yes # User environment configuration
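Review bot: The unchanged comment directly above the edited directive in templates/opensshd.conf.j2 still reads "Disable X11 forwarding, …", but the line below it can now render `X11Forwarding yes`, so a deployed sshd_config can carry a comment that contradicts the active setting and mislead anyone auditing the file. Reword it so it holds for both values, for example `# X11 forwarding is off unless ssh_x11_forwarding is true; when on, the local X11 display could be accessed through the forwarded connection.` The new comment in the defaults/main.yml hunk could give the same reason, so that whoever sets the variable to true sees the trade-off where the default is defined. Keeping `X11UseLocalhost yes` hard-coded is a sensible guard for the case where forwarding is enabled.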