Blame SOURCES/sshd-example.diff
|
 |
6e715b |
diff --git a/README.md b/README.md
|
|
|
6e715b |
index 676ad72..dc06d85 100644
|
|
|
6e715b |
--- a/README.md
|
|
|
6e715b |
+++ b/README.md
|
|
|
6e715b |
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
|
|
|
6e715b |
the service is able to start on the first attempt. To disable this check, set
|
|
|
6e715b |
this to empty list.
|
|
|
6e715b |
|
|
|
6e715b |
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
|
|
|
6e715b |
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
|
|
|
6e715b |
|
|
|
6e715b |
Use these variables to set the ownership and permissions for the host keys from
|
|
|
6e715b |
the above list.
|
|
|
6e715b |
@@ -273,6 +273,8 @@ for example:
|
|
|
6e715b |
X11Forwarding: yes
|
|
|
6e715b |
```
|
|
|
6e715b |
|
|
|
6e715b |
+More example playbooks can be found in [`examples/`](examples/) directory.
|
|
|
6e715b |
+
|
|
|
6e715b |
Template Generation
|
|
|
6e715b |
-------------------
|
|
|
6e715b |
|
|
|
6e715b |
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
|
|
|
6e715b |
new file mode 100644
|
|
|
6e715b |
index 0000000..156e629
|
|
|
6e715b |
--- /dev/null
|
|
|
6e715b |
+++ b/examples/example-root-login.yml
|
|
|
6e715b |
@@ -0,0 +1,15 @@
|
|
|
6e715b |
+---
|
|
|
6e715b |
+- hosts: all
|
|
|
6e715b |
+ tasks:
|
|
|
6e715b |
+ - name: Configure sshd to prevent root and password login except from particular subnet
|
|
|
6e715b |
+ include_role:
|
|
|
6e715b |
+ name: ansible-sshd
|
|
|
6e715b |
+ vars:
|
|
|
6e715b |
+ sshd:
|
|
|
6e715b |
+ # root login and password login is enabled only from a particular subnet
|
|
|
6e715b |
+ PermitRootLogin: no
|
|
|
6e715b |
+ PasswordAuthentication: no
|
|
|
6e715b |
+ Match:
|
|
|
6e715b |
+ - Condition: "Address 192.0.2.0/24"
|
|
|
6e715b |
+ PermitRootLogin: yes
|
|
|
6e715b |
+ PasswordAuthentication: yes
|