dellemc.enterprise_sonic.sonic_ssh module – Manage SSH configurations on SONiC
Note
This module is part of the dellemc.enterprise_sonic collection (version 3.0.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.
To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_ssh.
New in dellemc.enterprise_sonic 3.0.0
Synopsis
This module provides SSH configuration management to specify the algorithms used for SSH connection in devices running SONiC.
Parameters
Parameter | Comments |
---|---|
config | SSH clients and servers use the following configurations for SSH connections. |
client | SSH client configuration |
cipher | Cipher algorithm used in SSH connection for encryption. When configured, this value is used by SSH clients which communicate with the server. Specify as a comma separated list. Options are aes128-ctr, aes192-ctr, aes256-ctr |
kex | KEX algorithm used in SSH connection for key exchange. When configured, this value is used by SSH clients which communicate with the server. Specify as a comma separated list. Options are curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 and diffie-hellman-group14-sha256 |
mac | MAC algorithm used in SSH connection for generating and verifying Message Authentication Codes. When configured, this value is used by SSH clients which communicate with the server. Specify as a comma separated list. Options are umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, umac-128@openssh.com, hmac-sha2-256 and hmac-sha2-512 |
state | The state specifies the type of configuration update to be performed on the device. If the state is “merged”, merge specified attributes with existing configured attributes. For “deleted”, delete the specified attributes from existing configuration. For “replaced”, replace on-device SSH configuration with the specified configuration. For “overridden”, override on-device SSH configurations with the specified configuration. Choices: merged, deleted, replaced, overridden |
Notes
Note
Tested against Enterprise SONiC Distribution by Dell Technologies.
Supports check_mode.
Examples
# Using deleted
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes192-ctr,[email protected]
# ip ssh client macs [email protected],[email protected]
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# sonic#
- name: Delete specified SSH configurations
  dellemc.enterprise_sonic.sonic_ssh:
    config:
      client:
        cipher: 'aes192-ctr,[email protected]'
        mac: '[email protected],[email protected]'
    state: deleted
# After State:
# ------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# sonic#
# Using deleted
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes192-ctr,[email protected]
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# ip ssh client macs [email protected],[email protected]
# sonic#
- name: Delete all SSH configurations
  dellemc.enterprise_sonic.sonic_ssh:
    config:
    state: deleted
# After State:
# ------------
#
# sonic# show running-configuration | grep "ip ssh client"
# (No "ip ssh client" configuration present)
# sonic#
# Using merged
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep "ip ssh client"
# (No "ip ssh client" configuration present)
# sonic#
- name: Modify SSH configurations
  dellemc.enterprise_sonic.sonic_ssh:
    config:
      client:
        cipher: 'aes192-ctr,[email protected]'
        mac: '[email protected],[email protected]'
        kex: 'curve25519-sha256,diffie-hellman-group16-sha512'
    state: merged
# After State:
# ------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes192-ctr,[email protected]
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# ip ssh client macs [email protected],[email protected]
# sonic#
# Using replaced
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes192-ctr,[email protected]
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# ip ssh client macs [email protected],[email protected]
# sonic#
- name: Modify SSH configurations
  dellemc.enterprise_sonic.sonic_ssh:
    config:
      client:
        cipher: 'aes256-ctr'
        kex: 'curve25519-sha256,diffie-hellman-group16-sha512'
    state: replaced
# After State:
# ------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes256-ctr
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# sonic#
# Using overridden
#
# Before State:
# -------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes192-ctr,[email protected]
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# ip ssh client macs [email protected],[email protected]
# sonic#
- name: Modify SSH configurations
  dellemc.enterprise_sonic.sonic_ssh:
    config:
      client:
        cipher: 'aes256-ctr'
        mac: '[email protected],[email protected]'
    state: overridden
# After State:
# ------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes256-ctr
# ip ssh client macs [email protected],[email protected]
# sonic#
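The following is an added example, not part of the module or its documentation: a small audit that parses the `show running-configuration | grep "ip ssh client"` output shown in the examples above, flags algorithms outside the option lists given under Parameters, and reports drift from an intended policy. The function names, the sample output, the policy and the out-of-list value `aes128-cbc` are constructed for illustration.

```python
import re

# Option lists from the Parameters section, keyed by the CLI keyword in the device output.
ALLOWED = {
    "ciphers": {"aes128-ctr", "aes192-ctr", "aes256-ctr"},
    "kexalgorithms": {
        "curve25519-sha256", "curve25519-sha256@libssh.org",
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
        "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
        "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
    },
    "macs": {
        "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
        "hmac-sha2-512-etm@openssh.com", "umac-128@openssh.com",
        "hmac-sha2-256", "hmac-sha2-512",
    },
}
LINE = re.compile(r"^ip ssh client (ciphers|kexalgorithms|macs)\s+(\S+)$")

def parse_running_config(text):
    """Return {cli_keyword: [algorithms in configured order]}."""
    found = {}
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            found[match.group(1)] = match.group(2).split(",")
    return found

def audit(text, policy):
    """List every deviation of the running config from the policy."""
    running = parse_running_config(text)
    findings = []
    for key, allowed in ALLOWED.items():
        have, want = running.get(key), policy.get(key)
        for alg in have or []:
            if alg not in allowed:
                findings.append(f"{key}: {alg} is not a documented option")
        if have != want:  # order-sensitive: the list order is compared too
            findings.append(f"{key}: running={have} policy={want}")
    return findings

# Constructed sample output and policy (hypothetical, not from a real device).
SAMPLE = """sonic# show running-configuration | grep "ip ssh client"
ip ssh client ciphers aes192-ctr,aes128-cbc
ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
sonic#"""
POLICY = {"ciphers": ["aes256-ctr"],
          "kexalgorithms": ["curve25519-sha256", "diffie-hellman-group16-sha512"],
          "macs": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"]}
```

Calling `audit(SAMPLE, POLICY)` returns one finding for the out-of-list cipher, one for the cipher list differing from policy, and one for the missing MAC line; an empty list means the device matches the policy.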
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
The resulting configuration model invocation. Returned: when changed Sample: |
|
The generated configuration from module invocation. Returned: when Sample: |
|
The configuration prior to the model invocation. Returned: always Sample: |
|
The set of commands pushed to the remote device. Returned: always Sample: |