lab-ansible/roles/common/templates/etc/ssh/sshd_config.j2

# code: language=ansible-jinja
Include /etc/ssh/sshd_config.d/*.conf

Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

MaxAuthTries 3
PubkeyAuthentication yes
{% if hostname in groups['infrastructure'] %}
PermitRootLogin yes
{% else %}
PermitRootLogin no
{% endif %}
PermitEmptyPasswords no
PasswordAuthentication no
IgnoreRhosts yes
UsePAM yes

AllowAgentForwarding no
X11Forwarding no
PrintMotd no
UseDNS no
AcceptEnv LANG LC_*

{% if hostname in groups['infrastructure'] %}
Match User root
    PasswordAuthentication yes
{% endif %}
Add sshd_config 2023-11-07 21:15:20 +00:00			`# code: language=ansible-jinja`
			`Include /etc/ssh/sshd_config.d/*.conf`

			`Port 22`
			`AddressFamily any`
			`ListenAddress 0.0.0.0`
			`ListenAddress ::`

			`MaxAuthTries 3`
			`PubkeyAuthentication yes`
			`{% if hostname in groups['infrastructure'] %}`
			`PermitRootLogin yes`
			`{% else %}`
			`PermitRootLogin no`
			`{% endif %}`
			`PermitEmptyPasswords no`
			`PasswordAuthentication no`
			`IgnoreRhosts yes`
			`UsePAM yes`

			`AllowAgentForwarding no`
			`X11Forwarding no`
			`PrintMotd no`
			`UseDNS no`
			`AcceptEnv LANG LC_*`

			`{% if hostname in groups['infrastructure'] %}`
			`Match User root`
			`PasswordAuthentication yes`
			`{% endif %}`