mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-11-25 20:40:18 +01:00
Merge pull request #135 from Jakuje/cleanup
Cleanup lint issues, update documentation, fix typos
This commit is contained in:
commit
b598348356
12 changed files with 123 additions and 108 deletions
3
.github/workflows/ansible-lint.yml
vendored
3
.github/workflows/ansible-lint.yml
vendored
|
@ -21,7 +21,7 @@ jobs:
|
|||
- name: Lint Ansible Playbook
|
||||
uses: ansible/ansible-lint-action@master
|
||||
with:
|
||||
targets: "tests/test_*.yml"
|
||||
targets: "tests/test_*.yml
|
||||
override-deps: |
|
||||
ansible==2.9
|
||||
args: ""
|
||||
|
@ -36,3 +36,4 @@ jobs:
|
|||
override-deps: |
|
||||
ansible==2.10
|
||||
args: ""
|
||||
|
||||
|
|
12
README.md
12
README.md
|
@ -21,18 +21,18 @@ before using in production!
|
|||
Ubuntu. This is not the default assigned by this module - it will set
|
||||
`PermitRootLogin without-password` which will allow access via SSH key but not
|
||||
via simple password. If you need this functionality, be sure to set
|
||||
`ssh_PermitRootLogin yes` for those hosts.
|
||||
`sshd_PermitRootLogin yes` for those hosts.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
Tested on:
|
||||
|
||||
* Ubuntu precise, trusty
|
||||
* Debian wheezy, jessie
|
||||
* Ubuntu precise, trusty, xenial, bionic, focal
|
||||
* Debian wheezy, jessie, stretch, buster
|
||||
* FreeBSD 10.1
|
||||
* EL 6,7 derived distributions
|
||||
* Fedora 22, 23
|
||||
* EL 6, 7, 8 derived distributions
|
||||
* Fedora 31, 32, 33
|
||||
* OpenBSD 6.0
|
||||
* AIX 7.1, 7.2
|
||||
|
||||
|
@ -97,7 +97,7 @@ sshd:
|
|||
- 0.0.0.0
|
||||
```
|
||||
|
||||
* `ssh_...`
|
||||
* `sshd_...`
|
||||
|
||||
Simple variables can be used rather than a dict. Simple values override dict
|
||||
values. e.g.:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
### USER OPTIONS
|
||||
# Set to False to disable this role completely
|
||||
sshd_enable: True
|
||||
# Set to false to disable this role completely
|
||||
sshd_enable: true
|
||||
|
||||
# Don't apply OS defaults when set to true
|
||||
sshd_skip_defaults: false
|
||||
|
@ -21,7 +21,7 @@ sshd_service_template_socket: sshd.socket.j2
|
|||
sshd_allow_reload: true
|
||||
|
||||
# If the below is true, create a backup of the config file when the template is copied
|
||||
sshd_backup: false
|
||||
sshd_backup: true
|
||||
|
||||
# Empty dicts to avoid errors
|
||||
sshd: {}
|
||||
|
|
|
@ -29,8 +29,9 @@ galaxy_info:
|
|||
- 8
|
||||
- name: Fedora
|
||||
versions:
|
||||
- 22
|
||||
- 23
|
||||
- 31
|
||||
- 32
|
||||
- 33
|
||||
- name: OpenBSD
|
||||
versions:
|
||||
- 6.0
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
__sshd_config_mode: '0644'
|
||||
__sshd_packages: [ ] # sshd is not installed by yum / AIX toolbox for Linux. You'll need to manually install them using AIX Web Download Packs.
|
||||
# sshd is not installed by yum / AIX toolbox for Linux.
|
||||
# You'll need to manually install them using AIX Web Download Packs.
|
||||
__sshd_packages: []
|
||||
__sshd_sftp_server: /usr/sbin/sftp-server
|
||||
__sshd_config_group: system
|
||||
__sshd_defaults:
|
||||
|
|
|
@ -3,23 +3,9 @@ __sshd_packages:
|
|||
- openssh
|
||||
- openssh-server
|
||||
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
||||
# Fedora 32 ships with drop-in directory support so we touch
|
||||
# just included file with highest priority by default and have
|
||||
# empty defaults
|
||||
__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
|
||||
__sshd_defaults:
|
||||
HostKey:
|
||||
- /etc/ssh/ssh_host_rsa_key
|
||||
- /etc/ssh/ssh_host_ecdsa_key
|
||||
- /etc/ssh/ssh_host_ed25519_key
|
||||
SyslogFacility: AUTHPRIV
|
||||
AuthorizedKeysFile: .ssh/authorized_keys
|
||||
PasswordAuthentication: yes
|
||||
ChallengeResponseAuthentication: no
|
||||
GSSAPIAuthentication: yes
|
||||
GSSAPICleanupCredentials: no
|
||||
UsePAM: yes
|
||||
X11Forwarding: yes
|
||||
AcceptEnv:
|
||||
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
- XMODIFIERS
|
||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||
__sshd_os_supported: yes
|
||||
|
|
25
vars/Fedora_31.yml
Normal file
25
vars/Fedora_31.yml
Normal file
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
__sshd_packages:
|
||||
- openssh
|
||||
- openssh-server
|
||||
__sshd_sftp_server: /usr/libexec/openssh/sftp-server
|
||||
__sshd_defaults:
|
||||
HostKey:
|
||||
- /etc/ssh/ssh_host_rsa_key
|
||||
- /etc/ssh/ssh_host_ecdsa_key
|
||||
- /etc/ssh/ssh_host_ed25519_key
|
||||
SyslogFacility: AUTHPRIV
|
||||
AuthorizedKeysFile: .ssh/authorized_keys
|
||||
PasswordAuthentication: yes
|
||||
ChallengeResponseAuthentication: no
|
||||
GSSAPIAuthentication: yes
|
||||
GSSAPICleanupCredentials: no
|
||||
UsePAM: yes
|
||||
X11Forwarding: yes
|
||||
AcceptEnv:
|
||||
- LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||
- LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
- LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
- XMODIFIERS
|
||||
Subsystem: "sftp {{ sshd_sftp_server }}"
|
||||
__sshd_os_supported: yes
|
|
@ -13,7 +13,7 @@ __sshd_defaults:
|
|||
PasswordAuthentication: yes
|
||||
ChallengeResponseAuthentication: no
|
||||
GSSAPIAuthentication: yes
|
||||
GSSAPICleanupCredentials: yes
|
||||
GSSAPICleanupCredentials: no
|
||||
# Note that UsePAM: no is not supported under RHEL/CentOS. See
|
||||
# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
|
||||
UsePAM: yes
|
||||
|
|
Loading…
Reference in a new issue