2 files changed +17 -11 lines changed
roles/ansible-ssh-hardening
@@ -68,3 +68,9 @@ ssh_print_motd: false # sshd
6868
6969# false to disable display of last login information
7070ssh_print_last_log : false # sshd
71+
72+ # true to enable sftp configuration
73+ sftp_enabled : false
74+
75+ # change default sftp chroot location
76+ sftp_chroot_dir : /home/%u
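Review bot: The default `sftp_chroot_dir: /home/%u` on the last added line points the chroot at each user's own home directory, and sshd only accepts a ChrootDirectory whose every path component is owned by root and not writable by group or others. With ordinary user-owned homes, members of the sftponly group would presumably be refused at login once `sftp_enabled` is true, and a root-owned home leaves the user nothing writable at the top level. I would document the requirement next to the variable, e.g. `# every path component must be root-owned and not group/world-writable (sshd_config(5), ChrootDirectory); give users a writable subdirectory inside it`. Alternatively the default could be a dedicated root-owned tree such as the `/sftpchroot/home/%u` path that the old template comment used.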
@@ -208,20 +208,20 @@ PrintLastLog {{ 'yes' if ssh_print_last_log else 'no' }}
208208#UseDNS yes
209209#PidFile /var/run/sshd.pid
210210#MaxStartups 10
211- #ChrootDirectory none
212- #ChrootDirectory /home/%u
213211
212+ {% if sftp_enabled %}
214213# Configuration, in case SFTP is used
215214## override default of no subsystems
216215## Subsystem sftp /opt/app/openssh5/libexec/sftp-server
217- # Subsystem sftp internal-sftp -l VERBOSE
216+ Subsystem sftp internal-sftp -l INFO -f LOCAL6
218217#
219218## These lines must appear at the *end* of sshd_config
220- #Match Group sftponly
221- #ForceCommand internal-sftp -l VERBOSE
222- #ChrootDirectory /sftpchroot/home/%u
223- #AllowTcpForwarding no
224- #AllowAgentForwarding no
225- #PasswordAuthentication no
226- #PermitRootLogin no
227- #X11Forwarding no
219+ Match Group sftponly
220+ ForceCommand internal-sftp -l INFO -f LOCAL6
221+ ChrootDirectory {{ sftp_chroot_dir }}
222+ AllowTcpForwarding no
223+ AllowAgentForwarding no
224+ PasswordAuthentication no
225+ PermitRootLogin no
226+ X11Forwarding no
227+ {% endif %}
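Review bot: `ForceCommand internal-sftp -l INFO -f LOCAL6` runs inside the chroot set on the following line, and on some systems a chrooted internal-sftp can only log if a syslog socket (`/dev/log`) exists inside the chroot directory (see sftp-server(8)). Nothing in the visible hunks provides that socket or routes facility LOCAL6, so the transfer audit trail may be silently empty. A template comment such as `## sftp logs to syslog facility LOCAL6; chrooted sessions may need a log socket inside the chroot` would make the dependency visible to whoever enables `sftp_enabled`. Separately, the Match block stays open to the end of the rendered file, so any directive placed after `{% endif %}` would apply only to sftponly; the hunk ends there and I cannot see whether the file does.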