mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-26 10:30:17 +01:00
Update documentation with recent changes
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
parent
860e533713
commit
ff56d75a6e
2 changed files with 21 additions and 9 deletions
27
README.md
27
README.md
|
@ -136,7 +136,8 @@ ListenAddress ::
|
|||
|
||||
A list of dicts or just a dict for a Match section. Note, that these variables
|
||||
do not override match blocks as defined in the `sshd` dict. All of the sources
|
||||
will be reflected in the resulting configuration file.
|
||||
will be reflected in the resulting configuration file. The use of
|
||||
`sshd_match_*` variant is deprecated and no longer recommended.
|
||||
|
||||
* `sshd_backup`
|
||||
|
||||
|
@ -196,11 +197,12 @@ file that this role produces.
|
|||
* `sshd_verify_hostkeys`
|
||||
|
||||
By default (*auto*), this list contains all the host keys that are present in
|
||||
the produced configuration file. The paths are checked for presence and
|
||||
generated if missing. Additionally, permissions and file owners are set to sane
|
||||
defaults. This is useful if the role is used in deployment stage to make sure
|
||||
the service is able to start on the first attempt. To disable this check, set
|
||||
this to empty list.
|
||||
the produced configuration file. If there are none, the OpenSSH default list
|
||||
will be used after excluding non-FIPS approved keys in FIPS mode. The paths
|
||||
are checked for presence and generated if missing. Additionally, permissions
|
||||
and file owners are set to sane defaults. This is useful if the role is used
|
||||
in deployment stage to make sure the service is able to start on the first
|
||||
attempt. To disable this check, set this to empty list.
|
||||
|
||||
* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
|
||||
|
||||
|
@ -242,6 +244,9 @@ Dependencies
|
|||
|
||||
None
|
||||
|
||||
For tests the `ansible.posix` collection is required for the `mount` role to
|
||||
emulate FIPS mode.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
|
@ -348,7 +353,7 @@ The [`sshd_config.j2`](templates/sshd_config.j2) template is programatically
|
|||
generated by the scripts in meta. New options should be added to the
|
||||
`options_body` or `options_match`.
|
||||
|
||||
To regenerate the template, from within the meta/ directory run:
|
||||
To regenerate the template, from within the `meta/` directory run:
|
||||
`./make_option_lists`
|
||||
|
||||
License
|
||||
|
@ -357,9 +362,13 @@ License
|
|||
LGPLv3
|
||||
|
||||
|
||||
Author
|
||||
------
|
||||
Authors
|
||||
-------
|
||||
|
||||
Matt Willsher <matt@willsher.systems>
|
||||
|
||||
© 2014,2015 Willsher Systems Ltd.
|
||||
|
||||
Jakub Jelen <jjelen@redhat.com>
|
||||
|
||||
© 2020 - 2022 Red Hat, Inc.
|
||||
|
|
|
@ -61,6 +61,9 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server
|
|||
# configuration or restarting), we make sure the keys exist and have correct
|
||||
# permissions. To disable this check, set sshd_verify_hostkeys to false
|
||||
sshd_verify_hostkeys: "auto"
|
||||
# The list of hostkeys to check when there are none listed in configuration file.
|
||||
# This is usually the case when the selection is up to the OpenSSH defaults or
|
||||
# drop-in directory is used.
|
||||
__sshd_verify_hostkeys_default: []
|
||||
sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
|
||||
sshd_hostkey_group: "{{ __sshd_hostkey_group }}"
|
||||
|
|
Loading…
Reference in a new issue