Merge branch 'release/0.2.2'

CHANGELOG

@@ -1,3 +1,7 @@
+0.2.2 13 January 2014 Matt Willsher <matt@willsher.systems>
+- Add warnings to README
+- Tidy up naming
+- Remove blacklist packages from Debian based distros
 0.2.1 12 January 2014 Matt Willsher <matt@willsher.systems>
 - Standardise README.md format
 - Add basic Travis CI testing

README.md

@@ -1,3 +1,5 @@
+[![Build Status](https://travis-ci.org/WillsherSystems/ansible-sshd.svg?branch=master)](https://travis-ci.org/WillsherSystems/ansible-sshd) [![Ansible Galaxy](http://img.shields.io/badge/galaxy-willshersystems.sshd-660198.svg?style=flat)](https://galaxy.ansible.com/list#/roles/2488)
+
 OpenSSH Server
 ==============
 
@@ -11,6 +13,16 @@ This role configures the OpenSSH daemon. It:
   (see [meta/make_option_list](meta/make_option_list))
 * Tests the sshd_config before reloading sshd.
 
+**WARNING** Misconfiguration of this role can lock you out of your server!
+Please test your configuration and its interaction with your users configuration
+before using in production!
+
+**WARNING** Digital Ocean allows root with passwords via SSH on Debian and
+Ubuntu. This is not the default assigned by this module - it will set
+`PermitRootLogin without-password` which will allow access via SSH key but not
+via simple password. If you need this functionality, be sure to set
+`ssh_PermitRootLogin yes` for those hosts.
+
 Requirements
 ------------
 

handlers/main.yml

@@ -1,9 +1,9 @@
 ---
-- name: check and reload sshd
+- name: check_and_reload_sshd
   command: "{{ sshd_binary }} -t"
-  notify: reload sshd
+  notify: reload_sshd
 
-- name: reload sshd
+- name: reload_sshd
   service:
     name: "{{ sshd_service }}"
     state: reloaded

tasks/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: Role set up
+- name: Set OS dependent variables
   include_vars: "{{ item }}"
   with_first_found:
    - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
@@ -19,14 +19,14 @@
   tags:
     - sshd
 
-- name: Configured
+- name: Configuration
   template:
     src: sshd_config.j2
     dest: "{{ sshd_config_file }}"
     owner: "{{ sshd_config_owner }}"
     group: "{{ sshd_config_group }}"
     mode: "{{ sshd_config_mode }}"
-  notify: check and reload sshd
+  notify: check_and_reload_sshd
   tags:
     - sshd
 
@@ -37,3 +37,4 @@
     state: running
   tags:
     - sshd
+

vars/Debian.yml

@@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
   - openssh-server
-  - openssh-blacklist
-  - openssh-blacklist-extra
   - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:

vars/Debian_8.yml

@@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
   - openssh-server
-  - openssh-blacklist
-  - openssh-blacklist-extra
   - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults:

vars/Ubuntu_14.yml

@@ -2,8 +2,6 @@
 sshd_service: ssh
 sshd_packages:
   - openssh-server
-  - openssh-blacklist
-  - openssh-blacklist-extra
   - openssh-sftp-server
 sshd_config_mode: "0644"
 sshd_defaults: