libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-11-25 20:40:18 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update documentation with recent changes

Browse source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Jakub Jelen 2022-04-11 13:53:06 +02:00 committed by Jakub Jelen
parent 860e533713
commit ff56d75a6e
2 changed files with 21 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
README.md
View file

@ -136,7 +136,8 @@ ListenAddress ::
A list of dicts or just a dict for a Match section. Note, that these variables A list of dicts or just a dict for a Match section. Note, that these variables
do not override match blocks as defined in the `sshd` dict. All of the sources do not override match blocks as defined in the `sshd` dict. All of the sources
will be reflected in the resulting configuration file. will be reflected in the resulting configuration file. The use of
`sshd_match_*` variant is deprecated and no longer recommended.
* `sshd_backup` * `sshd_backup`
@ -196,11 +197,12 @@ file that this role produces.
* `sshd_verify_hostkeys` * `sshd_verify_hostkeys`
By default (*auto*), this list contains all the host keys that are present in By default (*auto*), this list contains all the host keys that are present in
the produced configuration file. The paths are checked for presence and the produced configuration file. If there are none, the OpenSSH default list
generated if missing. Additionally, permissions and file owners are set to sane will be used after excluding non-FIPS approved keys in FIPS mode. The paths
defaults. This is useful if the role is used in deployment stage to make sure are checked for presence and generated if missing. Additionally, permissions
the service is able to start on the first attempt. To disable this check, set and file owners are set to sane defaults. This is useful if the role is used
this to empty list. in deployment stage to make sure the service is able to start on the first
attempt. To disable this check, set this to empty list.
* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode` * `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
@ -242,6 +244,9 @@ Dependencies
None None
For tests the `ansible.posix` collection is required for the `mount` role to
emulate FIPS mode.
Example Playbook Example Playbook
---------------- ----------------
@ -348,7 +353,7 @@ The [`sshd_config.j2`](templates/sshd_config.j2) template is programatically
generated by the scripts in meta. New options should be added to the generated by the scripts in meta. New options should be added to the
`options_body` or `options_match`. `options_body` or `options_match`.
To regenerate the template, from within the meta/ directory run: To regenerate the template, from within the `meta/` directory run:
`./make_option_lists` `./make_option_lists`
License License
@ -357,9 +362,13 @@ License
LGPLv3 LGPLv3
Author Authors
------ -------
Matt Willsher <matt@willsher.systems> Matt Willsher <matt@willsher.systems>
&copy; 2014,2015 Willsher Systems Ltd. &copy; 2014,2015 Willsher Systems Ltd.
Jakub Jelen <jjelen@redhat.com>
&copy; 2020 - 2022 Red Hat, Inc.

3
defaults/main.yml
View file

@ -61,6 +61,9 @@ sshd_sftp_server: /usr/lib/openssh/sftp-server
# configuration or restarting), we make sure the keys exist and have correct # configuration or restarting), we make sure the keys exist and have correct
# permissions. To disable this check, set sshd_verify_hostkeys to false # permissions. To disable this check, set sshd_verify_hostkeys to false
sshd_verify_hostkeys: "auto" sshd_verify_hostkeys: "auto"
# The list of hostkeys to check when there are none listed in configuration file.
# This is usually the case when the selection is up to the OpenSSH defaults or
# drop-in directory is used.
__sshd_verify_hostkeys_default: [] __sshd_verify_hostkeys_default: []
sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}" sshd_hostkey_owner: "{{ __sshd_hostkey_owner }}"
sshd_hostkey_group: "{{ __sshd_hostkey_group }}" sshd_hostkey_group: "{{ __sshd_hostkey_group }}"