| author | 2024-05-01 18:35:53 +0200 | |
|---|---|---|
| committer | 2024-05-01 18:44:56 +0200 | |
| commit | ff5f3d8b8957295d7d1ed2c9f51cf9e15c42eda6 (patch) | |
| tree | c1a7fd317d3c450b10649f9e37088ad2a4aa6628 /ansible/roles/ssh | |
| parent | Depend on ansible-core instead of Ansible (diff) | |
Harden SSH security and prevent some misconfigurations

Disable agent forwarding and X11 forwarding in the default
configuration. Users can still forward this if they really want to by
installing a custom forwarder and utilizing their shell access to spawn
it, but with this, we're making it impossible for people to accidentally
forward their agent or their X socket to the remote server.

Additionally, change the SSH configuration such that only the Python
Discord users are allowed to log in.
Diffstat (limited to 'ansible/roles/ssh')
| -rw-r--r-- | ansible/roles/ssh/handlers/main.yml | 7 | 
1 files changed, 7 insertions, 0 deletions
diff --git a/ansible/roles/ssh/handlers/main.yml b/ansible/roles/ssh/handlers/main.yml new file mode 100644 index 0000000..7b582d9 --- /dev/null +++ b/ansible/roles/ssh/handlers/main.yml @@ -0,0 +1,7 @@ +--- +- name: Reload ssh +  service: +    name: ssh +    state: reloaded +  tags: +    - role::ssh  |
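Review bot: The `Reload ssh` handler reloads the daemon with no config check anywhere in the lines shown here, and since this commit also restricts who may log in, a mistake in the new sshd configuration could lock people out. The task that notifies this handler should validate the file before it is installed, for example with `validate: sshd -t -f %s` on the template or copy task, so a broken config never reaches the reload. Two smaller points on the same task: `name: ssh` is the Debian/Ubuntu service name (other distributions use `sshd`), so either document that the role targets those hosts or make the name a variable; and with the parent commit moving to ansible-core, the fully qualified `ansible.builtin.service` would make the module's origin explicit.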