dellemc.enterprise_sonic.sonic_ssh_server module – Manage SSH server configurations on SONiC

Note

This module is part of the dellemc.enterprise_sonic collection (version 3.2.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dellemc.enterprise_sonic.

To use it in a playbook, specify: dellemc.enterprise_sonic.sonic_ssh_server.

New in dellemc.enterprise_sonic 3.1.0

Synopsis

  • This module provides SSH server configuration management to specify the algorithms used for SSH connections on devices running SONiC.

Parameters

  • config (dictionary): SSH servers use the following configurations for SSH connections.

    • server_globals (dictionary): SSH server global configuration. For options of ‘str’ type, deletion results in restoring them to their default values.

      • ciphers (string): Configure ciphers on ssh server. Defaults are aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com.

      • disable_forwarding (boolean): Configure disable forwarding on ssh server. Default is False. Choices: false, true.

      • hostkeyalgorithms (string): Configure hostkey algorithms on ssh server. Defaults are ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa.

      • kexalgorithms (string): Configure key exchange algorithms. Defaults are curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,

      • macs (string): Configure macs on ssh server. Defaults are umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512.

      • max_auth_retries (integer): Number of authentication retries allowed before session terminates. Range 0-10. Default is 6.

      • password_authentication (boolean): Configure password authentication on ssh server. By default it is enabled. Default is True. Choices: false, true.

      • permit_root_login (boolean): Configure permit root login on ssh server. Default is False. Choices: false, true.

      • permit_user_environment (boolean): Configure permit user environment on ssh server. Default is False. Choices: false, true.

      • permit_user_rc (boolean): Configure permit user rc on ssh server. Default is True. Choices: false, true.

      • publickey_authentication (boolean): Configure publickey authentication on ssh server. Default is True. Choices: false, true.

      • x11_forwarding (boolean): Configure x11 forwarding on ssh server. Default is False. Choices: false, true.

  • state (string): The state of the configuration after module completion. Choices: "merged" ← (default), "deleted", "replaced", "overridden".

Examples

# Using "deleted" state
#
# Before state:
# -------------
#
# sonic# show running-configuration | grep "ip ssh"
# ip ssh disable-publickey-authentication true
# sonic#

- name: Delete specified SSH configurations
  dellemc.enterprise_sonic.sonic_ssh_server:
    config:
      server_globals:
        publickey_authentication: false
    state: deleted

# After state:
# ------------
#
# sonic# show running-configuration | grep "ip ssh"
# ip ssh disable-publickey-authentication false
# sonic#


# Using "merged" state
#
# Before state:
# -------------
#
# sonic# show running-configuration | grep "ip ssh"
# ip ssh disable-publickey-authentication false
# sonic#

- name: Modify SSH configurations
  dellemc.enterprise_sonic.sonic_ssh_server:
    config:
      server_globals:
        publickey_authentication: false
    state: merged

# After state:
# ------------
#
# sonic# show running-configuration | grep "ip ssh"
# ip ssh disable-publickey-authentication true
# sonic#


# Using "replaced" state
#
# Before state:
# -------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes192-ctr,[email protected]
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# ip ssh client macs [email protected],[email protected]
# sonic#

- name: Replace SSH configurations
  dellemc.enterprise_sonic.sonic_ssh_server:
    config:
      server_globals:
        ciphers: 'aes256-ctr'
        kexalgorithms: 'curve25519-sha256,diffie-hellman-group16-sha512'
    state: replaced

# After state:
# ------------
#
# sonic# show running-configuration | grep "ip ssh client"
# ip ssh client ciphers aes256-ctr
# ip ssh client kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
# sonic#


# Using "overridden" state
#
# Before state:
# -------------
#
# sonic# show running-configuration | grep "ip ssh"
# ip ssh disable-publickey-authentication false
# sonic#

- name: Override SSH configurations
  dellemc.enterprise_sonic.sonic_ssh_server:
    config:
      server_globals:
        publickey_authentication: false
    state: overridden

# After state:
# ------------
#
# sonic# show running-configuration | grep "ip ssh"
# ip ssh disable-publickey-authentication true
# sonic#
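
A hardening playbook built only from the parameters documented above, previewed in check mode and then verified against the module's return values. This is an added example, not part of the collection's own documentation; the inventory group `sonic_switches`, the variable names, and the assumption that `before`/`after` mirror the `config` layout (with connection settings supplied by inventory) are illustrative.

```yaml
---
- name: Harden the SSH server on SONiC switches
  hosts: sonic_switches          # assumed inventory group
  gather_facts: false
  vars:
    hardened:
      server_globals:
        # AEAD and CTR ciphers only, all taken from the documented defaults.
        ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr"
        # Default list minus ssh-rsa, which signs with SHA-1.
        hostkeyalgorithms: "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512"
        # Encrypt-then-MAC variants only.
        macs: "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com"
        max_auth_retries: 3
        disable_forwarding: true
        x11_forwarding: false
        permit_root_login: false
        permit_user_environment: false
        permit_user_rc: false
  tasks:
    - name: Preview the change without touching the device
      dellemc.enterprise_sonic.sonic_ssh_server:
        config: "{{ hardened }}"
        state: merged
      check_mode: true
      register: preview

    - name: Show the commands that would be pushed
      ansible.builtin.debug:
        var: preview.commands

    - name: Apply the hardened settings
      dellemc.enterprise_sonic.sonic_ssh_server:
        config: "{{ hardened }}"
        state: merged
      register: result

    - name: Verify the resulting server configuration
      vars:
        # "after" is returned only when changed; fall back to "before".
        final: "{{ (result.after | default(result.before)).server_globals }}"
      ansible.builtin.assert:
        that:
          - "'ssh-rsa' not in final.hostkeyalgorithms.split(',')"
          - final.max_auth_retries | int <= 3
          - final.disable_forwarding | bool
          - not (final.permit_root_login | bool)
          - not (final.x11_forwarding | bool)
```

`password_authentication` is left at its default here; set it to false only after public keys are provisioned for every account that must retain access, otherwise the change locks operators out.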

Return Values

Common return values are documented here; the following are the fields unique to this module:

  • after (dictionary): The configuration resulting from module invocation. Returned: when changed. Sample: "The configuration returned will always be in the same format\n of the parameters above.\n"

  • after(generated) (dictionary): The configuration that would be generated by module invocation in non-check mode. Returned: when check_mode. Sample: "The configuration returned will always be in the same format as the parameters above.\n"

  • before (dictionary): The configuration prior to the module invocation. Returned: always. Sample: "The configuration returned will always be in the same format\n of the parameters above.\n"

  • commands (list / elements=string): The set of commands pushed to the remote device. Returned: always. Sample: ["command 1", "command 2", "command 3"]

Authors

  • Bhavesh (@bhaveshdell)