579f0709ce
- Refactor Makefile to enhance command structure, including clearer descriptions and usage examples for targets related to development, inventory, and monitoring tasks. - Update inventory files to ensure correct host configurations and user settings, including adjustments to ansible_user for specific hosts. - Modify group_vars to streamline Tailscale configuration and ensure proper handling of authentication keys. These changes improve the clarity and usability of the Makefile and inventory setup, facilitating smoother operations across the infrastructure.
44 lines
1.1 KiB
YAML
44 lines
1.1 KiB
YAML
---
|
|
# SSH server configuration
|
|
ssh_port: 22
|
|
ssh_listen_addresses: ['0.0.0.0']
|
|
ssh_permit_root_login: 'yes'
|
|
ssh_password_authentication: 'yes'
|
|
ssh_pubkey_authentication: 'yes'
|
|
ssh_max_auth_tries: 3
|
|
ssh_client_alive_interval: 300
|
|
ssh_max_sessions: 10
|
|
ssh_allowed_users: [] # Restrict to specific users
|
|
ssh_allowed_groups: ['sudo']
|
|
|
|
# Security hardening
|
|
ssh_kex_algorithms:
|
|
- curve25519-sha256@libssh.org
|
|
- diffie-hellman-group16-sha512
|
|
ssh_ciphers:
|
|
- chacha20-poly1305@openssh.com
|
|
- aes256-gcm@openssh.com
|
|
ssh_macs:
|
|
- hmac-sha2-256-etm@openssh.com
|
|
- hmac-sha2-512-etm@openssh.com
|
|
|
|
# Additional security settings
|
|
ssh_protocol: 2
|
|
ssh_use_dns: 'no'
|
|
ssh_permit_empty_passwords: 'no'
|
|
ssh_challenge_response_auth: 'no'
|
|
ssh_gss_api_authentication: 'no'
|
|
ssh_x11_forwarding: 'no'
|
|
ssh_print_motd: 'no'
|
|
ssh_tcp_keep_alive: 'yes'
|
|
ssh_compression: 'no'
|
|
|
|
# Log level (QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, DEBUG3)
|
|
ssh_log_level: 'INFO'
|
|
|
|
# Maximum number of concurrent unauthenticated connections
|
|
ssh_max_startups: '10:30:100'
|
|
|
|
# Timeout for authentication
|
|
ssh_login_grace_time: '2m'
|