Commit graph

23 commits

Author SHA1 Message Date
Jakub Jelen
dd820d1c24 Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.

This is also helpful when running this role in containers, where
there is no service running either.

The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.

This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714 Document missing configuration variables & sort
as recommended by best practices:

> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.

https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051 Remove set_facts tasks not to pollute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

https://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide crypto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
2020-10-06 21:11:39 +02:00
Jakub Jelen
f0de8fb16e Backup old configuration by default as recommended by OASIS
https://github.com/oasis-roles/meta_standards#generating-files-from-templates
2020-09-23 14:49:42 +02:00
Jakub Jelen
2c574fdcba avoid the use of True and False for boolean values
These are not in yml specification and come from python. Behavior
can differ in particular YAML implementation.
2020-09-23 14:43:40 +02:00
Nikolaos Kakouros
a6a21a9565 Adds on/off toggle 2018-09-08 09:14:39 +02:00
Nikolaos Kakouros
1c511219bf Updates README 2018-09-07 01:36:35 +02:00
Nikolaos Kakouros
f5c13ee90f Merge branch 'master' into systemd 2018-08-25 23:48:09 +02:00
Nikolaos Kakouros
5774f7f44f Adds ability to install a systemd service 2018-08-25 23:39:06 +02:00
Andrew Eason
814fa367d4 expose sshd_config template backup option with sshd_backup 2018-07-27 10:08:17 -04:00
jamatute
f858380070 * defaults typo 2017-08-16 11:11:31 +02:00
Matt Willsher
43ed7c19a2 Fix Ansible 2.3 warnings 2017-05-04 14:31:26 +01:00
Harald Koch
f36d32e833 cleanup Archlinux support to match defaults in current package (openssh-7.4p1-2) 2017-02-11 11:11:18 -05:00
Aleksandr Kostyrev
7daa715bde Fix sshd_manage_var_run check 2015-08-12 23:29:51 +03:00
Aleksandr Kostyrev
445261a297 Do not manage /var/run/sshd on CentOS7 fixes #27 2015-08-12 18:41:46 +03:00
Matt Willsher
812a1e1267 Fix issues raised in #22 2015-06-28 10:18:45 +01:00
jitakirin
bcd864fea4 Add sshd_manage_service option
Allows disabling management of SSHd service completely, which is handy
when used in a container (where ansible is usually used during build
phase).
2015-06-25 14:54:24 +01:00
Matt Willsher
964496fcd1 Allow reload to be skipped 2015-01-13 17:42:10 +00:00
Matt Willsher
2194672579 Add EL6 defaults 2014-12-22 10:05:09 +00:00
Matt Willsher
26a0f5e350 Separate defaults dict 2014-12-22 09:25:31 +00:00
Matt Willsher
1b5200c805 Improve option rendering, allow per OS defaults 2014-12-21 22:23:02 +00:00
Matt Willsher
c561b6e5f7 Allow overrides, force sftp for Ansible 2014-12-21 20:29:13 +00:00