add ssh_banner_path variable (#316)

Signed-off-by: Volodymyr Litvak <[email protected]>

Author: liteua

README.md

@@ -57,6 +57,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_client_password_login` | false | `true` to allow password-based authentication with the ssh client |
 |`ssh_server_password_login` | false | `true` to allow password-based authentication with the ssh server |
 |`ssh_banner` | `false` | `true` to print a banner on login |
+|`ssh_banner_path`| '/etc/sshd/banner.txt' | path to the SSH banner file |
 |`ssh_client_hardening` | `true` | `false` to stop harden the client |
 |`ssh_client_port` | `'22'` | Specifies the port number to connect on the remote host. |
 |`ssh_client_compression` | `false` | Specifies whether the client requests compression. |

defaults/main.yml

@@ -137,9 +137,12 @@ ssh_print_motd: false               # sshd
 # false to disable display of last login information
 ssh_print_last_log: false           # sshd
 
-# false to disable serving /etc/ssh/banner.txt before authentication is allowed
+# false to disable serving ssh warning banner before authentication is allowed
 ssh_banner: false                   # sshd
 
+# path to file with ssh warning banner 
+ssh_banner_path: '/etc/ssh/banner.txt'
+
 # false to disable distribution version leakage during initial protocol handshake
 ssh_print_debian_banner: false      # sshd (Debian OS family only)
 

templates/opensshd.conf.j2

@@ -231,7 +231,7 @@ PrintMotd {{ 'yes' if (ssh_print_motd|bool) else 'no' }}
 PrintLastLog {{ 'yes' if (ssh_print_last_log|bool) else 'no' }}
 {% endif %}
 
-Banner {{ '/etc/ssh/banner.txt' if (ssh_banner|bool) else 'none' }}
+Banner {{ ssh_banner_path if (ssh_banner|bool) else 'none' }}
 
 {% if ansible_facts.os_family == 'Debian' %}
 DebianBanner {{ 'yes' if (ssh_print_debian_banner|bool) else 'no' }}