diff --git a/roles/system/sshd/defaults/main.yml b/roles/system/sshd/defaults/main.yml
index 9661a86..73513a5 100644
--- a/roles/system/sshd/defaults/main.yml
+++ b/roles/system/sshd/defaults/main.yml
@@ -1,7 +1,15 @@
 ---
-system_sshd_port: 10022
-system_sshd_sign_host_keys: true
-
-system_sshd_auth_permit_root_login: "no"
+# Whether to accept password auth; ‹yes› or ‹no›
 system_sshd_auth_password_authentication: "no"
+
+# Whether to allow ‹root› login; ‹yes› or ‹no›
+system_sshd_auth_permit_root_login: "no"
+
+# Whether to setup trusted CA (against the HashiCorp Vault instance)
 system_sshd_auth_trusted_ca: true
+
+# Default port where the SSH daemon runs; also adjusts the SELinux policy
+system_sshd_port: 10022
+
+# [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
+system_sshd_sign_host_keys: true
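Review bot: The new comments on `system_sshd_auth_password_authentication` and `system_sshd_auth_permit_root_login` list ‹yes› or ‹no› without saying the value has to stay a quoted string; an override written as bare `no` is read as a boolean by YAML 1.1 loaders and, depending on how the role's template (not visible here) renders it, could reach sshd_config as `False` instead of `no`. I would spell that out in the comment, e.g. `# Whether to allow ‹root› login; quoted string, "yes" or "no"`. sshd's PermitRootLogin also accepts `prohibit-password` and `forced-commands-only`, so if the template passes the value through unchanged the comment could name those as well. The `[TODO]` on `system_sshd_sign_host_keys` leaves it unclear whether host-key signing is implemented while the default stays `true`; one sentence on what the variable does today would keep an operator from assuming host certificates are already being issued.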