---
# SSH server settings, in line with https://stribika.github.io/2015/01/04/secure-secure-shell.html
# Before using, change myhosts to your hosts' nickname and myuser to your username (two instances! make sure you replace both or you'll be locked out of ssh!)
- hosts: myhosts
  become: true
  remote_user: myuser
  tasks:
  # Key exchange, ciphers and MACs
  - lineinfile: dest=/etc/ssh/sshd_config regexp='^KexAlgorithms' line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'

# Recommendations from https://stribika.github.io/2015/01/04/secure-secure-shell.html
# GitHub needs diffie-hellman-group-exchange-sha1 some of the time but not always.
#Host github.com
#    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Host *
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Host *

###############################################################################
# LDAP AUTHENTICATION SETTINGS
###############################################################################
# Ansible Tower can be configured to centrally use LDAP as a source for
# authentication information. When so configured, a user who logs in with
# an LDAP username and password will automatically get an account created for
# them, and they can be automatically placed into multiple organizations as
# either regular users or organization administrators. If users are created
# via an LDAP login, by default they cannot change their username, firstname,

#!/bin/bash -x
yum -y update --security
##########################
## ENABLE SSH RECORDING ##
##########################
# Create a new folder for the log files
mkdir /var/log/bastion