Merge pull request #84 from fullyint/ssh_config_port

rndmh3ro · web-flow · commit fc42747e2398 · 2017-03-14T18:28:07.000+01:00
List only one Port in ssh config
diff --git a/README.md b/README.md
@@ -24,8 +24,8 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_server_weak_hmac` | false |true if weaker HMAC mechanisms are required. This is usually only necessary, if older M2M mechanism need to communicate with SSH, that don't have any of the configured secure HMACs enabled.|
 |`ssh_client_weak_kex` | false |true if weaker Key-Exchange (KEX) mechanisms are required. This is usually only necessary, if older M2M mechanism need to communicate with SSH, that don't have any of the configured secure KEXs enabled.|
 |`ssh_server_weak_kex` | false |true if weaker Key-Exchange (KEX) mechanisms are required. This is usually only necessary, if older M2M mechanism need to communicate with SSH, that don't have any of the configured secure KEXs enabled.|
-|`ssh_server_ports` | ['22'] |ports to which ssh-server should listen to|
-|`ssh_client_ports` | ['22'] |ports to which ssh-client should connect to|
+|`ssh_server_ports` | ['22'] |ports on which ssh-server should listen|
+|`ssh_client_port` | '22' |port to which ssh-client should connect|
 |`ssh_listen_to` | ['0.0.0.0'] |one or more ip addresses, to which ssh-server should listen to. Default is all adresseses, but should be configured to specific addresses for security reasons!|
 |`ssh_host_key_files` | ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key'] |Host keys to look for when starting sshd.|
 |`ssh_client_alive_interval` | 600 | specifies an interval for sending keepalive messages |
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -20,11 +20,11 @@ ssh_server_weak_kex: false              # sshd
 # If true, password login is allowed. For sshd, it is always set to no password login.
 ssh_client_password_login: false          # ssh
 
-# ports to which ssh-server should listen to
+# ports on which ssh-server should listen
 ssh_server_ports: ['22']      # sshd
 
-# ports to which ssh-client should connect to
-ssh_client_ports: ['22']      # ssh
+# port to which ssh-client should connect
+ssh_client_port: '22'         # ssh
 
 # one or more ip addresses, to which ssh-server should listen to. Default is empty, but should be configured for security reasons!
 ssh_listen_to: ['0.0.0.0']    # sshd
diff --git a/templates/openssh.conf.j2 b/templates/openssh.conf.j2
@@ -22,9 +22,7 @@ Host {{ host.names | join(' ') }}
 Host *
 
 # The port at the destination should be defined
-{% for port in ssh_client_ports -%}
-Port {{port}}
-{% endfor %}
+Port {{ ssh_client_port }}
 
 # Identity file configuration. You may restrict available identity files. Otherwise ssh will search for a pattern and use any that matches.
 #IdentityFile ~/.ssh/identity
