Timestamp:
5 Apr 2019, 23:44:20 (6 years ago)
Author:
uli
Message:

Start vhost 6 after reboots.

File:
1 edited

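--- a/main/waeup-ansible/roles/openssh/tasks/main.yml
+++ b/main/waeup-ansible/roles/openssh/tasks/main.yml
@@ -8,8 +8,12 @@
     regexp={{ item.regexp }}
   with_items:
+    - { regexp: '^#HostKey /etc/ssh/ssh_host_rsa_key',
+        line: 'HostKey /etc/ssh/ssh_host_rsa_key' }
     - { regexp: '^HostKey /etc/ssh/ssh_host_dsa_key',
         line: '# HostKey /etc/ssh/ssh_host_dsa_key' }
     - { regexp: '^HostKey /etc/ssh/ssh_host_ecdsa_key',
         line: '# HostKey /etc/ssh/ssh_host_ecdsa_key' }
+    - { regexp: '^#HostKey /etc/ssh/ssh_host_ed25519_key',
+        line: 'HostKey /etc/ssh/ssh_host_ed25519_key' }
   notify: "restart sshd"
 
@@ -23,5 +27,7 @@
   notify: "restart sshd"
 
-- name: "sshd_config - set secure ciphers from bettercrypto.org"
+- name: "sshd_config - set secure ciphers from bettercrypto.org (Ubuntu)"
+  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('16', '<=')
+       
   lineinfile:
     dest=/etc/ssh/sshd_config
@@ -30,15 +36,43 @@
   notify: "restart sshd"
 
-- name: "sshd_config - set secure MACs from bettercrypto.org"
+- name: "sshd_config - set secure ciphers from bettercrypto.org (Debian)"
+  when: ansible_distribution == 'Debian'
+       
   lineinfile:
     dest=/etc/ssh/sshd_config
-    line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
+    line='Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
     state=present
   notify: "restart sshd"
 
-- name: "sshd_config - set secure kex algos from bettercrypto.org"
+- name: "sshd_config - set secure MACs from bettercrypto.orgi (Ubuntu)"
+  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('16', '<=')
+  lineinfile:
+    dest=/etc/ssh/sshd_config
+    line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'
+    state=present
+  notify: "restart sshd"
+
+- name: "sshd_config - set secure MACs from bettercrypto.org and ssh-audit.py (Debian)"
+  when: ansible_distribution == 'Debian'
+  lineinfile:
+    dest=/etc/ssh/sshd_config
+    line='MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'
+    state=present
+  notify: "restart sshd"
+
+
+- name: "sshd_config - set secure kex algos from bettercrypto.org (Ubuntu)"
+  when: ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('16', '<=')
   lineinfile:
     dest=/etc/ssh/sshd_config
     line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1'
+    state=present
+  notify: "restart sshd"
+
+- name: "sshd_config - set secure kex algos from bettercrypto.org (Debian)"
+  when: ansible_distribution == 'Debian'
+  lineinfile:
+    dest=/etc/ssh/sshd_config
+    line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512'
     state=present
   notify: "restart sshd"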
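Review bot: The `MACs`, `KexAlgorithms` and Debian `Ciphers` tasks pass `lineinfile` only `line=` and no `regexp=`, so on a host that already has the previous `MACs ...,hmac-ripemd160` line the stricter line is appended instead of replacing it (the Ubuntu ciphers task is partly elided, so it may differ). sshd uses the first value it reads for each keyword, so the older and wider list would most likely stay in effect; adding `regexp='^MACs '` (and likewise `regexp='^Ciphers '`, `regexp='^KexAlgorithms '`) to each task turns the edit into a replacement. The `when:` conditions cover only Debian and Ubuntu up to major version 16, so any other host, newer Ubuntu included, now receives none of the three settings that the old unconditional tasks applied; a fallback task or an explicit `fail` would make that gap visible. The Ubuntu kex list also still offers `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1`, which the Debian variant drops.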