improve README

README.md

@@ -13,17 +13,21 @@ It is highly recomended to use this role together with a role to manage users an
 The following roles are tested in combination and work well - at least for the user [DO1JLR](https://github.com/do1jlr):
  - [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git)
  - [github.com/chaos-bodensee/role-ssh_authorized_keys](https://github.com/chaos-bodensee/role-ssh_authorized_keys.git)
- - [github.com/chaos-bodensee/role_sshd](https://github.com/chaos-bodensee/role_sshd.git) *(this one)*
+ - [github.com/roles-ansible/ansible_role_sshd](https://github.com/roles-ansible/ansible_role_sshd.git) *(this one)*
 
 
  Some Variables explained
 ------------------------------
 **Remember:** Have a look into ``defaults/main.yml`` for all possible variables.
 
++ **SSH Port**
+  The OpenSSH Port is defined with the variable ``sshd__port: 22``. Change it if you wish.
 
-### Important part:
-Define the users (and optional their ssh keys) for the ssh config template:
-```bash
++ **Allowed Users and Groups**
+  The default users that are allowd to login come from the ``users: {}`` list.
+  The same ``users: {}`` variable is used in the other recomended ssh roles.
+  A example to allow the login for the users and groups called ``l3d`` and ``ottojo`` are:
+```
 users:
   l3d:
     - l3d
@@ -31,22 +35,38 @@ users:
    - ottojo@uni
    - ottojo@home
 ```
--> This means l3d and ottojo are able to login.
 
++ **SSH Login via Passwort**
+  The SSH Passwort auth is set to false via ``sshd__password_authentication: false``. This won't allow you to use your passwort to login via SSH.
+
++ **Manage SSH Key Types**
+  By default this role configure which ssh key types are allowed to login. If you don't want to define that change the ``sshd__manage_key_types: true`` variable.
+
++ **Define allowed ssh key types**
+  The allowed SSH Key Types are defined with this list. Some of them are commented out.
+  Please not that by defualt only ``ed25519`` keys are allowed. Keep that in mind if you are using a rsa key.
+```
+  sshd__key_types:
+  - 'ed25519'
+  # - 'rsa'
+  # - 'ecdsa'
+  # - 'dsa' # (do not use!)
+```
+
++ **Advanced SSH Algorithm Settings**
+  You can define the used Key and Key Algorithm here to. For the default values and some examples for the variables ``sshd__key_algorithmus`` and ``sshd__kex_algorithmus`` have a look into ``defaults/main.yml``.
+
+
++ **force new SSH Features**
+  If you know that you use a ssh version ``>8`` you can optionally define it with ``true/false`` with the ``sshd__version_is_above_eight`` variable.
 
  Files
 -----
 
-* `sshd.conf`:
+The main task of this role is to configure the ``sshd.conf`` file.
 
 
  References
 ----------
 
 * [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
-
- Don't forget:
---------------
- + This role will not deploy or touch any ssh public keys. There are other roles to do that.
- + Be carefull if you don't have a eliptic curve ed25519 key. ``only_allow_ed25519: true`` is the default option.
-   * If you really have to deal with RSA Keys or simmilar, you should think about a backup ed25519 ssh key. Better a backup than beeing locked out!