because of legacy-systems, define defaults (no) kerberos/gssapi

2024-03-26 00:19:47 +01:00 · 2024-03-26 00:19:47 +01:00 · 70cf4caf0d
parent c8ba380f41
commit 70cf4caf0d
1 changed files with 2 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,6 +6,8 @@ sshd_permit_root_login: 'prohibit-password'
 sshd_ciphers:           'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'
 sshd_macs:              'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com'
 sshd_kex_algorithms:    'sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
+sshd_kerberos_authentication: 'no'
+sshd_gssapi_authentication: 'no'
 sshd_host_keys:
 - '/etc/ssh/ssh_host_ed25519_key'
 sshd_pubkey_authentication:   'yes'