fabtools.ssh

OpenSSH tasks

This module provides tools to manage OpenSSH server and client.

fabtools.ssh.harden(allow_root_login=False, allow_password_auth=False, sshd_config='/etc/ssh/sshd_config')[source]

Apply best practices for ssh security.

See fabtools.ssh.disable_password_auth() and fabtools.ssh.disable_root_login() for a detailed description.

import fabtools

# This will apply all hardening techniques.
fabtools.ssh.harden()

# Only apply some of the techniques.
fabtools.ssh.harden(allow_password_auth=True)

# Override the sshd_config file location.
fabtools.ssh.harden(sshd_config='/etc/sshd_config')
fabtools.ssh.disable_password_auth(sshd_config='/etc/ssh/sshd_config')[source]

Do not allow users to use passwords to login via ssh.

fabtools.ssh.enable_password_auth(sshd_config='/etc/ssh/sshd_config')[source]

Allow users to use passwords to login via ssh.

fabtools.ssh.disable_root_login(sshd_config='/etc/ssh/sshd_config')[source]

Do not allow root to login via ssh.

fabtools.ssh.enable_root_login(sshd_config='/etc/ssh/sshd_config')[source]

Allow root to login via ssh.