Update README.html for latest

mattwillsher 2024-10-24 16:59:32 +00:00
parent c9d2f29c38
commit d38586d6e9
2 changed files with 20 additions and 14 deletions

View file

@ -158,7 +158,7 @@ id="toc-sshd_install_service">sshd_install_service</a></li>
id="toc-sshd_manage_firewall">sshd_manage_firewall</a></li>
<li><a href="#sshd_manage_selinux"
id="toc-sshd_manage_selinux">sshd_manage_selinux</a></li>
<li><a href="#sshd" id="toc-sshd">sshd</a></li>
<li><a href="#sshd_config" id="toc-sshd_config">sshd_config</a></li>
<li><a href="#sshd_optionname"
id="toc-sshd_optionname">sshd_<code>&lt;OptionName&gt;</code></a></li>
<li><a href="#sshd_match-sshd_match_1-through-sshd_match_9"
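Review bot: the TOC entry that pointed at #sshd (id toc-sshd) is replaced outright by #sshd_config, so existing deep links to the #sshd fragment will no longer resolve. Because the sshd variable is still accepted, consider keeping an anchor for the old name next to the new heading, or call out the renamed fragment in the release notes.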
@ -388,13 +388,16 @@ based OS. The default is <em>false</em>.</p>
<p>NOTE: <code>sshd_manage_selinux</code> is limited to <em>adding</em>
policy. It cannot be used for <em>removing</em> policy. If you want to
remove ports, you will need to use the selinux system role directly.</p>
<h3 id="sshd">sshd</h3>
<h3 id="sshd_config">sshd_config</h3>
<p>A dict containing configuration. e.g.</p>
<div class="sourceCode" id="cb2"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd</span><span class="kw">:</span></span>
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">Compression</span><span class="kw">:</span><span class="at"> delayed</span></span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ListenAddress</span><span class="kw">:</span></span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fl">0.0.0.0</span></span></code></pre></div>
<p><em>Note</em>: This variable was previous called <code>sshd</code>.
<code>sshd</code> is can still be used but is deprecated and will be
removed in a future release.</p>
<h3 id="sshd_optionname">sshd_<code>&lt;OptionName&gt;</code></h3>
<p>Simple variables can be used rather than a dict. Simple values
override dict values. e.g.:</p>
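Review bot: the deprecation note added under the sshd_config heading has two grammar slips: "This variable was previous called" should read "was previously called", and "is can still be used" should read "can still be used". The note would also be more useful if it said which value wins when a playbook sets both sshd and sshd_config, since it only states that the old name still works.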
@ -577,7 +580,7 @@ to the above variables, respective configuration options
<code>AuthorizedPrincipalsFile</code> (optional) need to be present the
<code>sshd</code> dictionary when invoking the role. For example:</p>
<div class="sourceCode" id="cb7"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd</span><span class="kw">:</span></span>
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb7-2"><a href="#cb7-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">TrustedUserCAKeys</span><span class="kw">:</span><span class="at"> /etc/ssh/path-to-trusted-user-ca-keys/trusted-user-ca-keys.pub</span></span>
<span id="cb7-3"><a href="#cb7-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">AuthorizedPrincipalsFile</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;/etc/ssh/path-to-auth-principals/auth_principals/%u&quot;</span></span></code></pre></div>
<p>To learn more about SSH Certificates, here is a <a
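Review bot: the unchanged sentence directly above the renamed example still says the options "need to be present the sshd dictionary", so the prose now names the deprecated variable while the example uses sshd_config. Update that sentence to refer to sshd_config in the same change, and add the missing "in" ("present in the ... dictionary") while touching it.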
@ -600,7 +603,7 @@ class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb8-1"><a href="
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">hosts</span><span class="kw">:</span><span class="at"> all</span></span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vars</span><span class="kw">:</span></span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_skip_defaults</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd</span><span class="kw">:</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">Compression</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ListenAddress</span><span class="kw">:</span></span>
<span id="cb8-8"><a href="#cb8-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">&quot;0.0.0.0&quot;</span></span>
@ -636,7 +639,7 @@ class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb10-1"><a href=
<span id="cb10-7"><a href="#cb10-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> willshersystems.sshd</span></span>
<span id="cb10-8"><a href="#cb10-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vars</span><span class="kw">:</span></span>
<span id="cb10-9"><a href="#cb10-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_skip_defaults</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb10-10"><a href="#cb10-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd</span><span class="kw">:</span></span>
<span id="cb10-10"><a href="#cb10-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb10-11"><a href="#cb10-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">Compression</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb10-12"><a href="#cb10-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ListenAddress</span><span class="kw">:</span></span>
<span id="cb10-13"><a href="#cb10-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">&quot;0.0.0.0&quot;</span></span>
@ -660,7 +663,7 @@ class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb11-1"><a href=
<span id="cb11-6"><a href="#cb11-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> willshersystems.sshd</span></span>
<span id="cb11-7"><a href="#cb11-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vars</span><span class="kw">:</span></span>
<span id="cb11-8"><a href="#cb11-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config_namespace</span><span class="kw">:</span><span class="at"> accept-env</span></span>
<span id="cb11-9"><a href="#cb11-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd</span><span class="kw">:</span></span>
<span id="cb11-9"><a href="#cb11-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb11-10"><a href="#cb11-10" aria-hidden="true" tabindex="-1"></a><span class="co"> # there are some handy environment variables to accept</span></span>
<span id="cb11-11"><a href="#cb11-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">AcceptEnv</span><span class="kw">:</span></span>
<span id="cb11-12"><a href="#cb11-12" aria-hidden="true" tabindex="-1"></a><span class="at"> LANG</span></span>

View file

@ -158,7 +158,7 @@ id="toc-sshd_install_service">sshd_install_service</a></li>
id="toc-sshd_manage_firewall">sshd_manage_firewall</a></li>
<li><a href="#sshd_manage_selinux"
id="toc-sshd_manage_selinux">sshd_manage_selinux</a></li>
<li><a href="#sshd" id="toc-sshd">sshd</a></li>
<li><a href="#sshd_config" id="toc-sshd_config">sshd_config</a></li>
<li><a href="#sshd_optionname"
id="toc-sshd_optionname">sshd_<code>&lt;OptionName&gt;</code></a></li>
<li><a href="#sshd_match-sshd_match_1-through-sshd_match_9"
@ -388,13 +388,16 @@ based OS. The default is <em>false</em>.</p>
<p>NOTE: <code>sshd_manage_selinux</code> is limited to <em>adding</em>
policy. It cannot be used for <em>removing</em> policy. If you want to
remove ports, you will need to use the selinux system role directly.</p>
<h3 id="sshd">sshd</h3>
<h3 id="sshd_config">sshd_config</h3>
<p>A dict containing configuration. e.g.</p>
<div class="sourceCode" id="cb2"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd</span><span class="kw">:</span></span>
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">Compression</span><span class="kw">:</span><span class="at"> delayed</span></span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ListenAddress</span><span class="kw">:</span></span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="fl">0.0.0.0</span></span></code></pre></div>
<p><em>Note</em>: This variable was previous called <code>sshd</code>.
<code>sshd</code> is can still be used but is deprecated and will be
removed in a future release.</p>
<h3 id="sshd_optionname">sshd_<code>&lt;OptionName&gt;</code></h3>
<p>Simple variables can be used rather than a dict. Simple values
override dict values. e.g.:</p>
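Review bot: the deprecation note added in this second file carries the wording "was previous called" and "is can still be used"; these should read "was previously called" and "can still be used". As this file changes in step with the first, correct the text once at its source so the two copies do not drift.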
@ -577,7 +580,7 @@ to the above variables, respective configuration options
<code>AuthorizedPrincipalsFile</code> (optional) need to be present the
<code>sshd</code> dictionary when invoking the role. For example:</p>
<div class="sourceCode" id="cb7"><pre
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd</span><span class="kw">:</span></span>
class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb7-2"><a href="#cb7-2" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">TrustedUserCAKeys</span><span class="kw">:</span><span class="at"> /etc/ssh/path-to-trusted-user-ca-keys/trusted-user-ca-keys.pub</span></span>
<span id="cb7-3"><a href="#cb7-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">AuthorizedPrincipalsFile</span><span class="kw">:</span><span class="at"> </span><span class="st">&quot;/etc/ssh/path-to-auth-principals/auth_principals/%u&quot;</span></span></code></pre></div>
<p>To learn more about SSH Certificates, here is a <a
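Review bot: in this file too, the context sentence before the example still refers to the sshd dictionary while the example key is now sshd_config. Rename the reference in the sentence so a reader configuring TrustedUserCAKeys and AuthorizedPrincipalsFile is not steered to the deprecated variable.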
@ -600,7 +603,7 @@ class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb8-1"><a href="
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="kw">-</span><span class="at"> </span><span class="fu">hosts</span><span class="kw">:</span><span class="at"> all</span></span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vars</span><span class="kw">:</span></span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_skip_defaults</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd</span><span class="kw">:</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">Compression</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ListenAddress</span><span class="kw">:</span></span>
<span id="cb8-8"><a href="#cb8-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">&quot;0.0.0.0&quot;</span></span>
@ -636,7 +639,7 @@ class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb10-1"><a href=
<span id="cb10-7"><a href="#cb10-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> willshersystems.sshd</span></span>
<span id="cb10-8"><a href="#cb10-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vars</span><span class="kw">:</span></span>
<span id="cb10-9"><a href="#cb10-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_skip_defaults</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb10-10"><a href="#cb10-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd</span><span class="kw">:</span></span>
<span id="cb10-10"><a href="#cb10-10" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb10-11"><a href="#cb10-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">Compression</span><span class="kw">:</span><span class="at"> </span><span class="ch">true</span></span>
<span id="cb10-12"><a href="#cb10-12" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">ListenAddress</span><span class="kw">:</span></span>
<span id="cb10-13"><a href="#cb10-13" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="kw">-</span><span class="at"> </span><span class="st">&quot;0.0.0.0&quot;</span></span>
@ -660,7 +663,7 @@ class="sourceCode yaml"><code class="sourceCode yaml"><span id="cb11-1"><a href=
<span id="cb11-6"><a href="#cb11-6" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">name</span><span class="kw">:</span><span class="at"> willshersystems.sshd</span></span>
<span id="cb11-7"><a href="#cb11-7" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">vars</span><span class="kw">:</span></span>
<span id="cb11-8"><a href="#cb11-8" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config_namespace</span><span class="kw">:</span><span class="at"> accept-env</span></span>
<span id="cb11-9"><a href="#cb11-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd</span><span class="kw">:</span></span>
<span id="cb11-9"><a href="#cb11-9" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">sshd_config</span><span class="kw">:</span></span>
<span id="cb11-10"><a href="#cb11-10" aria-hidden="true" tabindex="-1"></a><span class="co"> # there are some handy environment variables to accept</span></span>
<span id="cb11-11"><a href="#cb11-11" aria-hidden="true" tabindex="-1"></a><span class="at"> </span><span class="fu">AcceptEnv</span><span class="kw">:</span></span>
<span id="cb11-12"><a href="#cb11-12" aria-hidden="true" tabindex="-1"></a><span class="at"> LANG</span></span>