875f635ab4
This patch gets rid of the old "special notes" section that was a dead-end in the documentation and replaces it with a brief header followed by a dynamically-generated list of tag-specific documentation. All of this sits underneath the "Hardening Domains" section. It also splits the "Deviations" documentation into its own section because it's quite important for a deployer to review. The patch also includes a link to video/slides from the Boston Summit, which provided the latest updates for the project and some background on how everything fits together.

Change-Id: I1a5e78733c301335fe1bcfcee36cc146d690b841
24 lines
816 B
ReStructuredText
sshd - SSH daemon
=================

The SSH daemon, ``sshd``, provides secure, encrypted access to Linux servers.

Overview
--------

The STIG has several requirements for SSH server configuration, and the role
applies these requirements by default. To opt out of or change these
requirements, see the section under the ``## ssh server (sshd)`` comment in
``defaults/main.yml``.

Deviation for PermitRootLogin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There is one deviation from the STIG for the ``PermitRootLogin``
configuration option. The STIG requires that direct root logins are
disabled, and this is the recommended setting for secure production
environments.

However, this can cause problems in some existing environments, so the
default for the role is to set it to ``yes`` (direct root logins allowed).

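Because the role's default leaves direct root logins enabled, a deployer may want to confirm what a given ``sshd_config`` actually ends up with. The following is an added example, not code from the role: it reads configuration text and reports every scope (global or ``Match`` block) where ``PermitRootLogin`` is not ``no``. The function names and sample input are hypothetical, ``Include`` directives are not followed, and the upstream OpenSSH default of ``prohibit-password`` is assumed when the option is unset.

```python
# Added example, not part of the role: report where an sshd_config text
# leaves PermitRootLogin at something other than the STIG-required "no".
STIG_REQUIRED = "no"
OPENSSH_DEFAULT = "prohibit-password"  # assumed upstream default when unset

# Constructed sample input, not taken from a real host.
SAMPLE = """\
Port 22
PermitRootLogin yes
permitrootlogin no
Match Address 192.0.2.0/24
    PermitRootLogin=prohibit-password
Match User backup
    PermitRootLogin no
"""


def permit_root_login_scopes(config_text):
    """Map each scope ('global' or 'Match <criteria>') to its effective value."""
    scopes = {}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts "Keyword value" and "Keyword=value";
        # keywords are case-insensitive.
        parts = line.replace("=", " ", 1).split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            scope = "Match " + " ".join(args)
        elif keyword == "permitrootlogin" and args:
            # sshd keeps the first value it reads for a keyword, so a later
            # duplicate in the same scope must not override an earlier one.
            scopes.setdefault(scope, args[0].strip('"').lower())
    scopes.setdefault("global", OPENSSH_DEFAULT)
    return scopes


def stig_deviations(config_text):
    """Return the scopes whose PermitRootLogin differs from the STIG value."""
    found = permit_root_login_scopes(config_text)
    return {s: v for s, v in found.items() if v != STIG_REQUIRED}


if __name__ == "__main__":
    for scope, value in stig_deviations(SAMPLE).items():
        print(f"{scope}: PermitRootLogin {value} (STIG requires {STIG_REQUIRED})")
```

On a live host, ``sshd -T`` prints the effective configuration and remains the authoritative check; this parser is for reviewing a file offline, for example in CI.
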
.. include:: auto_sshd.rst