override[‘ssh-hardening‘][‘ssh‘][‘server‘][‘listen_to‘] = node[‘ipaddress‘]

• [‘ssh-hardening’][‘network’][‘ipv6’][‘enable’] – false. Set to true if IPv6 is needed
• [‘ssh-hardening’][‘ssh’][‘ports’] – 22. Ports to which ssh-server should listen to and ssh-client should connect to
• [‘ssh-hardening’][‘ssh’][{‘client’, ‘server’}][‘kex’] – nil to calculate best key-exchange (KEX) based on server version, otherwise specify a string of Kex values
• [‘ssh-hardening’][‘ssh’][{‘client’, ‘server’}][‘mac’] – nil to calculate best Message Authentication Codes (MACs) based on server version, otherwise specify a string of Mac values
• [‘ssh-hardening’][‘ssh’][{‘client’, ‘server’}][‘cipher’] – nil to calculate best ciphers based on server version, otherwise specify a string of Cipher values
• [‘ssh-hardening’][‘ssh’][{‘client’, ‘server’}][‘cbc_required’] – false. Set to true if CBC for ciphers is required. This is usually only necessary, if older M2M mechanism need to communicate with SSH, that don’t have any of the configured secure ciphers enabled. CBC is a weak alternative. Anything weaker should be avoided and is thus not available.
• [‘ssh-hardening’][‘ssh’][{‘client’, ‘server’}][‘weak_hmac’] – false. Set to true if weaker HMAC mechanisms are required. This is usually only necessary, if older M2M mechanism need to communicate with SSH, that don’t have any of the configured secure HMACs enabled.
• [‘ssh-hardening’][‘ssh’][{‘client’, ‘server’}][‘weak_kex’] – false. Set to true if weaker Key-Exchange (KEX) mechanisms are required. This is usually only necessary, if older M2M mechanism need to communicate with SSH, that don’t have any of the configured secure KEXs enabled.
• [‘ssh-hardening’][‘ssh’][‘client’][‘remote_hosts’] – [] – one or more hosts, to which ssh-client can connect to.
• [‘ssh-hardening’][‘ssh’][‘client’][‘password_authentication’] – false. Set to true if password authentication should be enabled.
• More…