mirror of
https://github.com/roles-ansible/ansible_role_sshd.git
synced 2024-08-16 11:59:49 +02:00
Improve documentation
This commit is contained in:
parent
b973ce9e37
commit
734cd4d234
1 changed files with 33 additions and 9 deletions
36
README.md
36
README.md
|
@ -8,14 +8,30 @@ ssh-keygen -t ed25519
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
Variables
|
Some Variables explained
|
||||||
---------
|
------------------------------
|
||||||
|
**Remember:** Have a look into ``defaults/main.yml`` for all possible variables.
|
||||||
|
|
||||||
* `restrict_allow_users`: enable the `AllowUsers` and `AllowGroups` options.
|
```bash
|
||||||
|
restrict_allow_users: True
|
||||||
|
```
|
||||||
|
With tis option you can enable or disable if a user needs to be in a special defined group. Like wheels, sudo or something else.
|
||||||
|
The default ddh groups are ``admins`` and ``root``
|
||||||
|
|
||||||
+ `users`: which user is allowed to login.
|
```bash
|
||||||
|
only_allow_ed25519: true
|
||||||
|
```
|
||||||
|
Force ssh to deny all ssh keys except for eliptic curve ed25519 keys.
|
||||||
|
|
||||||
Example config:
|
```bash
|
||||||
|
sshd_password_authentication: 'no'
|
||||||
|
```
|
||||||
|
Change the string from 'no' to 'yes' if you want to log in with a password (not recomended).
|
||||||
|
|
||||||
|
There are some other cryptographic algorythmen you could enable...
|
||||||
|
|
||||||
|
### Important part:
|
||||||
|
Define the users (and optional their ssh keys) for the ssh config template:
|
||||||
```bash
|
```bash
|
||||||
users:
|
users:
|
||||||
l3d:
|
l3d:
|
||||||
|
@ -24,7 +40,9 @@ users:
|
||||||
- ottojo@uni
|
- ottojo@uni
|
||||||
- ottojo@home
|
- ottojo@home
|
||||||
```
|
```
|
||||||
*have a look into defaults/main.yml foraditionally informations!*
|
-> This means l3d and ottojo are able to login.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Files
|
Files
|
||||||
-----
|
-----
|
||||||
|
@ -36,3 +54,9 @@ References
|
||||||
----------
|
----------
|
||||||
|
|
||||||
* [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
|
* [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
|
||||||
|
|
||||||
|
Don't forget:
|
||||||
|
--------------
|
||||||
|
+ This role will not deploy or touch any ssh public keys. There are other roles to do that.
|
||||||
|
+ Be carefull if you don't have a eliptic curve ed25519 key. ``only_allow_ed25519: true`` is the default option.
|
||||||
|
* If you really have to deal with RSA Keys or simmilar, you should think about a backup ed25519 ssh key. Better a backup than beeing locked out!
|
||||||
|
|
Loading…
Reference in a new issue