This repository was archived by the owner on Dec 26, 2020. It is now read-only.

Move cipher/kex/mac vars to defaults #53

@conorsch

The vars/main.yml lists all whitelisted ciphers, MACs, and key exchange algorithms for sshd. Although the sshd template does a decent job of inferring appropriate settings from the distro and release version, invariably some administrators will want to override these settings in typical Ansible fashion. Doing so is currently impossible.

Therefore I propose:

  • Folding the contents of vars/main.yml into defaults/main.yml
  • Prefixing the moved vars with ssh_ to help prevent accidental clobbering in site-wide configs

Since these vars cannot currently be overridden, there is no breaking change in adding the prefix—now's the best time for us to get away with it. Allowing local overrides would be more consistent with Ansible best practices, as well.

I'm happy to write a PR after any discussion here. Being able to override the vars at run time would make it a heck of a lot easier to test improvements for #28, as well—which is really why I bring it up. ;)
