From dc5932c26cd71ee1a3e173cbe72a17a37977c6a8 Mon Sep 17 00:00:00 2001
From: Matt Willsher
Date: Mon, 12 Jan 2015 21:57:10 +0000
Subject: [PATCH 1/5] Add badges
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 8e845f9..a1528d4 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+[![Build Status](https://travis-ci.org/WillsherSystems/ansible-sshd.svg?branch=master)](https://travis-ci.org/WillsherSystems/ansible-sshd) [![Ansible Galaxy](http://img.shields.io/badge/galaxy-willshersystems.sshd-660198.svg?style=flat)](https://galaxy.ansible.com/list#/roles/2488)
+
+
 OpenSSH Server
 ==============
From 7ef39b761f793507464e3662ff5f78d088288730 Mon Sep 17 00:00:00 2001
From: Matt Willsher
Date: Tue, 13 Jan 2015 13:26:52 +0000
Subject: [PATCH 2/5] Naming tidy up
---
 handlers/main.yml | 6 +++---
 tasks/main.yml | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/handlers/main.yml b/handlers/main.yml
index 0c4e58d..90c1ed6 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,9 +1,9 @@
 ---
-- name: check and reload sshd
+- name: check_and_reload_sshd
 command: "{{ sshd_binary }} -t"
- notify: reload sshd
+ notify: reload_sshd
-- name: reload sshd
+- name: reload_sshd
 service:
 name: "{{ sshd_service }}"
 state: reloaded
diff --git a/tasks/main.yml b/tasks/main.yml
index f9ad303..9b5d3d8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: Role set up
+- name: Set OS dependent variables
 include_vars: "{{ item }}"
 with_first_found:
 - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
@@ -19,14 +19,14 @@
 tags:
 - sshd
-- name: Configured
+- name: Configuration
 template:
 src: sshd_config.j2
 dest: "{{ sshd_config_file }}"
 owner: "{{ sshd_config_owner }}"
 group: "{{ sshd_config_group }}"
 mode: "{{ sshd_config_mode }}"
- notify: check and reload sshd
+ notify: check_and_reload_sshd
 tags:
 - sshd
@@ -37,3 +37,4 @@
 state: running
 tags:
 - sshd
+
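Review bot: The `Configuration` task in the `@@ -19,14 +19,14 @@` hunk of tasks/main.yml installs the rendered file at `{{ sshd_config_file }}` before anything has checked it; the `{{ sshd_binary }} -t` test only runs afterwards, in the `check_and_reload_sshd` handler. When that test fails the reload is skipped, but the invalid file stays on disk. A later run will presumably see no template change and never notify the handler again, so the next sshd restart or reboot could leave the host without SSH. Adding `validate: "{{ sshd_binary }} -t -f %s"` to the `template:` arguments would make Ansible test the temporary copy and refuse to install a config that does not parse. The handler check can stay as a second line of defence.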
From 13fa494cd80691fca8ef6df8b57eb95dd9428178 Mon Sep 17 00:00:00 2001
From: Matt Willsher
Date: Tue, 13 Jan 2015 13:29:45 +0000
Subject: [PATCH 3/5] Remove blacklist packages
---
 vars/Debian.yml | 2 --
 vars/Debian_8.yml | 2 --
 vars/Ubuntu_14.yml | 2 --
 3 files changed, 6 deletions(-)
diff --git a/vars/Debian.yml b/vars/Debian.yml
index ea81b4c..ca9ff3a 100644
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
 - openssh-server
- - openssh-blacklist
- - openssh-blacklist-extra
 - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:
diff --git a/vars/Debian_8.yml b/vars/Debian_8.yml
index 1478b25..e3d9298 100644
--- a/vars/Debian_8.yml
+++ b/vars/Debian_8.yml
@@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
 - openssh-server
- - openssh-blacklist
- - openssh-blacklist-extra
 - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:
diff --git a/vars/Ubuntu_14.yml b/vars/Ubuntu_14.yml
index 9e46d78..b442796 100644
--- a/vars/Ubuntu_14.yml
+++ b/vars/Ubuntu_14.yml
@@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
 - openssh-server
- - openssh-blacklist
- - openssh-blacklist-extra
 - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:
From 3446c39af16697c592f6389f9af9fd5058761f15 Mon Sep 17 00:00:00 2001
From: Matt Willsher
Date: Tue, 13 Jan 2015 13:29:53 +0000
Subject: [PATCH 4/5] Add warnings
---
 README.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index a1528d4..570b5ef 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 [![Build Status](https://travis-ci.org/WillsherSystems/ansible-sshd.svg?branch=master)](https://travis-ci.org/WillsherSystems/ansible-sshd) [![Ansible Galaxy](http://img.shields.io/badge/galaxy-willshersystems.sshd-660198.svg?style=flat)](https://galaxy.ansible.com/list#/roles/2488)
-
 OpenSSH Server
 ==============
@@ -14,6 +13,16 @@ This role configures the OpenSSH daemon. It:
 (see [meta/make_option_list](meta/make_option_list))
 * Tests the sshd_config before reloading sshd.
+**WARNING** Misconfiguration of this role can lock you out of your server!
+Please test your configuration and its interaction with your users configuration
+before using in production!
+
+**WARNING** Digital Ocean allows root with passwords via SSH on Debian and
+Ubuntu. This is not the default assigned by this module - it will set
+`PermitRootLogin without-password` which will allow access via SSH key but not
+via simple password. If you need this functionality, be sure to set
+`ssh_PermitRootLogin yes` for those hosts.
+
 Requirements
 ------------
From b8278f0801dad98453dc4b8fac945547a839ea30 Mon Sep 17 00:00:00 2001
From: Matt Willsher
Date: Tue, 13 Jan 2015 13:31:44 +0000
Subject: [PATCH 5/5] Release notes for 0.2.2
---
 CHANGELOG | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/CHANGELOG b/CHANGELOG
index a4ecf50..ee98730 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+0.2.2 13 January 2014 Matt Willsher
+- Add warnings to README
+- Tidy up naming
+- Remove blacklist packages from Debian based distros
 0.2.1 12 January 2014 Matt Willsher
 - Standardise README.md format
 - Add basic Travis CI testing