# -*- coding: utf-8 -*-
# vim: ft=yaml
---
default:
  openssh:
    sshd_enable: true
    sshd_binary: /usr/sbin/sshd
    sshd_config: /etc/ssh/sshd_config
    sshd_config_src: sshd_config  # Default TOFS source filename
    sshd_config_user: root
    sshd_config_group: root
    sshd_config_mode: '644'
    sshd_config_backup: true
    ssh_config: /etc/ssh/ssh_config
    ssh_config_src: ssh_config  # Default TOFS source filename
    ssh_config_user: root
    ssh_config_group: root
    ssh_config_mode: '644'
    ssh_config_backup: true
    banner: /etc/ssh/banner
    banner_src: banner  # Default TOFS source filename
    ssh_known_hosts: /etc/ssh/ssh_known_hosts
    ssh_known_hosts_src: ssh_known_hosts  # Default TOFS source filename
    dig_pkg: dnsutils
    ssh_moduli: /etc/ssh/moduli
    root_group: root
    # Prevent merge of array; always override values
    host_key_algos: ecdsa,ed25519,rsa
    # To manage/remove DSA:
    # host_key_algos: dsa,ecdsa,ed25519,rsa

  sshd_config: {}
  ssh_config: {}