Harmonise the hardening parameters

stadtnavi · Nov 18, 2024 · 6edb852 · 6edb852
1 parent c8196c9
commit 6edb852
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 11 deletions.
diff --git a/group_vars/all.yml b/group_vars/all.yml
@@ -24,13 +24,14 @@ firewall_allowed_tcp_ports:
 firewall_state: started
 firewall_enabled_at_boot: true
 firewall_flush_rules_and_chains: false
+
 # ssh hardening
 network_ipv6_enable: true
-ssh_allow_agent_forwarding: "yes"
+ssh_allow_agent_forwarding: true
 ssh_permit_tunnel: "yes"
 ssh_allow_tcp_forwarding: "yes"
-sftp_enabled: "yes"
-sftp_chroot: "yes"
+sftp_enabled: true
+sftp_chroot: true
 
 certbot_certs:
   - domains:

diff --git a/group_vars/infrastructure.yml b/group_vars/infrastructure.yml
@@ -3,14 +3,6 @@ server_name: photon-eu.stadtnavi.eu
 
 matrix_room_address: "!UXrSFkkJoppiEZEfgC:matrix.org"
 
-# ssh hardening
-network_ipv6_enable: true
-ssh_allow_agent_forwarding: true
-ssh_permit_tunnel: "yes"
-ssh_allow_tcp_forwarding: "yes"
-sftp_enabled: true
-sftp_chroot: true
-
 firewall_state: stopped
 firewall_allowed_tcp_ports:
   - "22"