Improve documentation

README.md

@@ -1,4 +1,4 @@
-OpenSSH Server
+ OpenSSH Server
 ==============
 
 Ansible role to configure the OpenSSH `ssh` server.
@@ -8,14 +8,30 @@ ssh-keygen -t ed25519
 ```
 
 
-Variables
+ Some Variables explained
----------
+------------------------------
+**Remember:** Have a look into ``defaults/main.yml`` for all possible variables.
 
-* `restrict_allow_users`: enable the `AllowUsers` and `AllowGroups` options.
+```bash
+restrict_allow_users: True
+```
+With tis option you can enable or disable if a user needs to be in a special defined group. Like wheels, sudo or something else.
+The default ddh groups are ``admins`` and ``root``
 
-+ `users`: which user is allowed to login. 
+```bash
+only_allow_ed25519: true 
+```
+Force ssh to deny all ssh keys except for eliptic curve ed25519 keys.
 
-Example config:
+```bash
+sshd_password_authentication: 'no' 
+```
+Change the string from 'no' to 'yes' if you want to log in with a password (not recomended).
+
+There are some other cryptographic algorythmen you could enable...
+
+### Important part:
+Define the users (and optional their ssh keys) for the ssh config template:
 ```bash
 users:
   l3d:
@@ -24,15 +40,23 @@ users:
    - ottojo@uni
    - ottojo@home
 ```
-*have a look into defaults/main.yml foraditionally informations!*
+-> This means l3d and ottojo are able to login.
 
-Files
+
+
+ Files
 -----
 
 * `sshd.conf`:
 
 
-References
+ References
 ----------
 
 * [Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)
+
+ Don't forget:
+--------------
+ + This role will not deploy or touch any ssh public keys. There are other roles to do that.
+ + Be carefull if you don't have a eliptic curve ed25519 key. ``only_allow_ed25519: true`` is the default option.
+   * If you really have to deal with RSA Keys or simmilar, you should think about a backup ed25519 ssh key. Better a backup than beeing locked out!