Set up an OpenSSH client in Debian-like systems.
None
-
ssh_client_install: [default:[]]: Additional packages to install -
ssh_client_configurations: [default:ssh_client_default_configuration, seevars/main.yml]: Configuration declaration(s) -
ssh_client_configurations.{n}.dest: [required]: The remote path of the configuration file (e.g./etc/ssh/ssh_config,~cacti/.ssh/config) -
ssh_client_configurations.{n}.owner: [default:root]: The name of the user that should own the file -
ssh_client_configurations.{n}.group: [default:owner,root]: The name of the group that should own the file -
ssh_client_configurations.{n}.hosts: [default:[]]: Host declaration(s) -
ssh_client_configurations.{n}.hosts.{n}.pattern: [required]: Pattern to match hosts (e.g.*,['*.co.uk', '192.168.0.?']) -
ssh_client_configurations.{n}.hosts.{n}.host_name: [optional]: Specifies the real host name to log into. This can be used to specify nicknames or abbreviations for hosts -
ssh_client_configurations.{n}.hosts.{n}.forward_agent: [optional]: Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine -
ssh_client_configurations.{n}.hosts.{n}.forward_x11: [optional]: Specifies whether X11 connections will be automatically redirected over the secure channel and DISPLAY set -
ssh_client_configurations.{n}.hosts.{n}.forward_x11_trusted: [optional]: If this option is set totrue, remote X11 clients will have full access to the original X11 display -
ssh_client_configurations.{n}.hosts.{n}.rhosts_rsa_authentication: [optional]: Specifies whether to try rhosts based authentication with RSA host authentication -
ssh_client_configurations.{n}.hosts.{n}.rsa_authentication: [optional]: Specifies whether to try RSA authentication -
ssh_client_configurations.{n}.hosts.{n}.password_authentication: [optional]: Specifies whether to use password authentication -
ssh_client_configurations.{n}.hosts.{n}.hostbased_authentication: [optional]: Specifies whether to try rhosts based authentication with public key authentication -
ssh_client_configurations.{n}.hosts.{n}.gssapi_authentication: [optional]: Specifies whether user authentication based on GSSAPI is allowed -
ssh_client_configurations.{n}.hosts.{n}.gssapi_delegate_credentials: [optional]: Forward (delegate) credentials to the server -
ssh_client_configurations.{n}.hosts.{n}.gssapi_key_exchange: [optional]: Specifies whether key exchange based on GSSAPI may be used. When using GSSAPI key exchange the server need not have a host key -
ssh_client_configurations.{n}.hosts.{n}.gssapi_trust_dns: [optional]: Set totrueto indicate that the DNS is trusted to securely canonicalize the name of the host being connected to. Iffalse, the hostname entered on the command line will be passed untouched to the GSSAPI library -
ssh_client_configurations.{n}.hosts.{n}.batch_mode: [optional]: If set totrue, passphrase/password querying will be disabled -
ssh_client_configurations.{n}.hosts.{n}.check_host_ip: [optional]: If this flag is set totrue,sshwill additionally check the host IP address in the known_hosts file -
ssh_client_configurations.{n}.hosts.{n}.address_family: [optional]: Specifies which address family to use when connecting. Valid arguments areany,inet(use IPv4 only), orinet6(use IPv6 only) -
ssh_client_configurations.{n}.hosts.{n}.connect_timeout: [optional]: Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default system TCP timeout -
ssh_client_configurations.{n}.hosts.{n}.strict_host_key_checking: [optional]: If this flag is set totrue,sshwill never automatically add host keys to the~/.ssh/known_hostsfile, and refuses to connect to hosts whose host key has changed -
ssh_client_configurations.{n}.hosts.{n}.identity_file: [optional]: Specifies a file from which the user’s RSA or DSA authentication identity is read. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence (e.g.['~/.ssh/identity', '~/.ssh/id_rsa', '~/.ssh/id_dsa']) -
ssh_client_configurations.{n}.hosts.{n}.port: [optional]: Specifies the port number to connect on the remote host -
ssh_client_configurations.{n}.hosts.{n}.protocol: [optional]: Specifies the protocol versions ssh(1) should support in order of preference (e.g.[2, 1]) -
ssh_client_configurations.{n}.hosts.{n}.cipher: [optional]: Specifies the cipher to use for encrypting the session in protocol version 1 (e.g.3des) -
ssh_client_configurations.{n}.hosts.{n}.ciphers: [optional]: Specifies the ciphers allowed for protocol version 2 in order of preference (e.g.[aes128-ctr, aes192-ctr, aes256-ctr, arcfour256, arcfour128, aes128-cbc, 3des-cbc]) -
ssh_client_configurations.{n}.hosts.{n}.macs: [optional]: Specifies the MAC (message authentication code) algorithms in order of preference (e.g.[hmac-md5, hmac-sha1, umac-64@openssh.com, hmac-ripemd160]) -
ssh_client_configurations.{n}.hosts.{n}.escape_char: [optional]: Sets the escape character (e.g.~) -
ssh_client_configurations.{n}.hosts.{n}.tunnel: [optional]: Requesttundevice forwarding between the client and the server -
ssh_client_configurations.{n}.hosts.{n}.tunnel_device: [optional]: Specifies thetundevices to open on the client (local_tun) and the server -
ssh_client_configurations.{n}.hosts.{n}.permit_local_command: [optional]: Allow local command execution via theLocalCommandoption or using the!commandescape sequence inssh -
ssh_client_configurations.{n}.hosts.{n}.visual_host_key: [optional]: If this flag is set toyes, an ASCII art representation of the remote host key fingerprint is printed in addition to the hex fingerprint string at login and for unknown host keys -
ssh_client_configurations.{n}.hosts.{n}.proxy_command: [optional]: Specifies the command to use to connect to the server -
ssh_client_configurations.{n}.hosts.{n}.rekey_limit: [optional]: Specifies the maximum amount of data that may be transmitted before the session key is renegotiated -
ssh_client_configurations.{n}.hosts.{n}.send_env: [optional]: Specifies what variables from the localenvironshould be sent to the server -
ssh_client_configurations.{n}.hosts.{n}.global_known_hosts_file: [optional]: Specifies one or more files to use for the global host key database, list of files -
ssh_client_configurations.{n}.hosts.{n}.user_known_hosts_file: [optional]: Specifies one or more files to use for the user host key database, list of files -
ssh_client_configurations.{n}.hosts.{n}.hash_known_hosts: [optional]: Indicates thatsshshould hash host names and addresses when they are added to~/.ssh/known_hosts -
ssh_client_configurations.{n}.hosts.{n}.compression: [optional]: Specifies whether to use compression -
ssh_client_configurations.{n}.hosts.{n}.compression_level: [optional]: Specifies the compression level to use if compression is enabled -
ssh_client_configurations.{n}.hosts.{n}.control_master: [optional]: Enables the sharing of multiple sessions over a single network connection (e.g.'yes','no','ask','auto') -
ssh_client_configurations.{n}.hosts.{n}.control_path: [optional]: Specify the path to the control socket used for connection sharing as described in theControlMastersection above or the stringnoneto disable connection sharing (e.g.~/.ssh/control-master/%r@%h:%p) -
ssh_client_configurations.{n}.hosts.{n}.control_persist: [optional]: When used in conjunction withControlMaster, specifies that the master connection should remain open in the background (waiting for future client connections) after the initial client connection has been closed (e.g.'no','yes','60m') -
ssh_client_configurations.{n}.hosts.{n}.use_roaming: [optional]:
None
---
- hosts: all
roles:
- oefenweb.ssh-client
vars:
ssh_client_custom_configurations:
- dest: '~cacti/.ssh/config'
owner: cacti
hosts:
- pattern: ['*']
control_master: 'auto'
control_path: '~/.ssh/control-master/%r@%h:%p'
control_persist: '60m'
- dest: '~vagrant/.ssh/config'
owner: vagrant
hosts:
- pattern: ['bitbucket-repo-1']
host_name: bitbucket.org
identity_file:
- '~/.ssh/bitbucket-repo-1'
- pattern: ['bitbucket-repo-2']
host_name: bitbucket.org
identity_file:
- '~/.ssh/bitbucket-repo-2'
ssh_client_configurations: "{{ ssh_client_default_configuration + ssh_client_custom_configurations }}"MIT
Mischa ter Smitten
Are welcome!