Documentation
PLEASE NOTE: This document applies to latest version and not to the latest stable release v2.20
Documentation for other releases can be found by using the version selector in the top right of any doc page.sshd_config
Manage SSH server configuration in /etc/ssh/sshd_config.
Attributes
check_mode:
support: full
Parameters
| Parameter | Required | Type | Values | Description |
|---|---|---|---|---|
| backup | boolean | Create a backup file before making changes. [default: false] |
||
| match_criteria | string | Match block criteria (e.g., “User admin”, “Group ssh-users”). When specified, the option is managed within this Match block. | ||
| option | true | string | The SSH server configuration option name. | |
| path | string | Path to the sshd_config file. [default: "/etc/ssh/sshd_config"] |
||
| state | string | present absent |
Whether the option should be present or absent. [default: "present"] |
|
| validate | boolean | Validate configuration with sshd -t before applying. [default: false] |
||
| value | string | The value to set for the option. Required when state=present. |
Examples
- name: Set SSH port
sshd_config:
option: Port
value: "22"
- name: Disable root login
sshd_config:
option: PermitRootLogin
value: "no"
- name: Disable password authentication
sshd_config:
option: PasswordAuthentication
value: "no"
- name: Remove an option
sshd_config:
option: PermitRootLogin
state: absent
- name: Configure option within Match block
sshd_config:
option: PasswordAuthentication
value: "yes"
match_criteria: User admin
- name: Set multiple options in custom path
sshd_config:
option: MaxAuthTries
value: "3"
path: /etc/ssh/sshd_config.d/custom.conf
validate: true
- name: Create backup before change
sshd_config:
option: PermitRootLogin
value: "no"
backup: true