Add a playbook for sshd configuration

2 files changed, 35 insertions, 0 deletions

diff --git a/playbooks.d/ssh/share/motd b/playbooks.d/ssh/share/motd
new file mode 100644
index 0000000..7fc4e34
--- /dev/null
+++ b/playbooks.d/ssh/share/motd
@@ -0,0 +1,8 @@
+          ████████╗██╗   ██╗██╗██╗        ███╗   ██╗███████╗████████╗
+          ╚══██╔══╝╚██╗ ██╔╝██║██║        ████╗  ██║██╔════╝╚══██╔══╝
+             ██║    ╚████╔╝ ██║██║        ██╔██╗ ██║█████╗     ██║
+             ██║     ╚██╔╝  ██║██║        ██║╚██╗██║██╔══╝     ██║
+             ██║      ██║   ██║███████╗██╗██║ ╚████║███████╗   ██║
+             ╚═╝      ╚═╝   ╚═╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝   ╚═╝
+
+Welcome to ${fqdn}, last updated on ${time}.
diff --git a/playbooks.d/ssh/share/sshd_config b/playbooks.d/ssh/share/sshd_config
new file mode 100644
index 0000000..97bea2e
--- /dev/null
+++ b/playbooks.d/ssh/share/sshd_config
@@ -0,0 +1,27 @@
+# Connectivity
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+# Fluff
+PrintMotd yes
+
+# SFTP
+Subsystem sftp ${sftp}
+
+# Authentication
+AuthorizedKeysFile /etc/ssh/authorized_keys .ssh/authorized_keys
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+PubkeyAuthentication no
+
+# Allow tyil
+Match User tyil
+    PubkeyAuthentication yes
+
+# Allow public key authentication over VPN
+Match Address 10.57.0.0/16
+    PubkeyAuthentication yes
+    PermitRootLogin prohibit-password