This repository has been archived by the owner on Mar 14, 2021. It is now read-only.
Ansible role to secure your SSH server

chaos-bodensee/role_sshd

OpenSSH Server

Ansible role to configure the OpenSSH ssh server. Use elliptic-curve cryptography for your SSH keys, e.g.:

ssh-keygen -t ed25519

Some Variables explained

Remember: Have a look into defaults/main.yml for all possible variables.

restrict_allow_users: True

With this option you can enable or disable the requirement that a user be a member of a specially defined group, such as wheel, sudo or something else. The default ddh groups are admins and root.

only_allow_ed25519: true 

Force ssh to deny all SSH keys except elliptic-curve ed25519 keys.

sshd_password_authentication: 'no' 

Change the string from 'no' to 'yes' if you want to log in with a password (not recommended).

There are some other cryptographic algorithms you could enable...

Important part:

Define the users (and optionally their SSH keys) for the ssh config template:

users:
  l3d:
    - l3d
  ottojo:
    - ottojo@uni
    - ottojo@home

-> This means l3d and ottojo are able to log in.

Files

  • sshd.conf:

References

Don't forget:

  • This role will not deploy or touch any ssh public keys. There are other roles to do that.
  • Be careful if you don't have an elliptic-curve ed25519 key. only_allow_ed25519: true is the default option.
    • If you really have to deal with RSA keys or similar, you should think about a backup ed25519 SSH key. Better a backup than being locked out!
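
A pre-flight check for the lockout risk described above, as an added example that is not part of this role: it parses authorized_keys content (including entries with a leading options field) and lists the logins from the users dict that have no ed25519 key. The function names, the sample key material and the assumption that only the plain ssh-ed25519 key type is accepted are illustrative, not taken from the role.

```python
import base64
import re
import struct

ACCEPTED = {"ssh-ed25519"}  # assumption: the only type only_allow_ed25519 lets in
KNOWN = ACCEPTED | {"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
                    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com"}
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')  # quoted option values may hold spaces

def blob_type(b64):
    """Key type named inside the base64 blob (uint32 length, then the name)."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return None

def key_types(text):
    """Key types of the well-formed entries in authorized_keys content."""
    found = []
    for line in text.splitlines():
        f = FIELD.findall(line)
        if not f or f[0].startswith("#"):
            continue
        i = 0 if f[0] in KNOWN else 1  # entry may start with an options field
        if len(f) > i + 1 and f[i] in KNOWN and blob_type(f[i + 1]) == f[i]:
            found.append(f[i])
    return found

def locked_out(users, keyfiles):
    """Logins from the role's `users` dict that have no accepted key on file."""
    return sorted(u for u in users
                  if not ACCEPTED & set(key_types(keyfiles.get(u, ""))))

def sample_key(ktype, comment):
    """Constructed entry with a well-formed type header; not a usable key."""
    body = struct.pack(">I", len(ktype)) + ktype.encode() + b"\0" * 36
    return f"{ktype} {base64.b64encode(body).decode()} {comment}"

USERS = {"l3d": ["l3d"], "ottojo": ["ottojo@uni", "ottojo@home"]}  # from the README
KEYFILES = {  # constructed authorized_keys content, one string per login
    "l3d": 'from="10.0.0.5",command="uptime -p" ' + sample_key("ssh-ed25519", "l3d"),
    "ottojo": sample_key("ssh-rsa", "ottojo@uni") + "\n# old laptop\n"
              + sample_key("ssh-rsa", "ottojo@home"),
}

if __name__ == "__main__":
    print("no ed25519 key on file:", locked_out(USERS, KEYFILES))
```

On a real host, fill the keyfiles mapping with the contents of each login's authorized_keys file before switching only_allow_ed25519 on.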