Commit

docs: Update sshd vars references to sshd_config
mattwillsher committed Sep 13, 2024
1 parent f961b0f commit 82e6eb7
Showing 4 changed files with 12 additions and 9 deletions.
15 changes: 9 additions & 6 deletions README.md
Expand Up @@ -130,17 +130,20 @@ NOTE: `sshd_manage_selinux` is limited to *adding* policy. It cannot be used
for *removing* policy. If you want to remove ports, you will need to use the
selinux system role directly.

#### sshd
#### sshd_config

A dict containing configuration. e.g.

```yaml
sshd:
sshd_config:
Compression: delayed
ListenAddress:
- 0.0.0.0
```
*Note*: This variable was previous called `sshd`. `sshd` is can still be used
but is deprecated and will be removed in a future release.

#### sshd_`<OptionName>`

Simple variables can be used rather than a dict. Simple values override dict
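Review bot: The deprecation note added after the YAML example has two grammar slips ("previous called", "is can still be used") and does not say which value takes effect when a playbook defines both `sshd` and `sshd_config`. Suggest wording it as "This variable was previously called `sshd`. `sshd` can still be used but is deprecated and will be removed in a future release.", adding one sentence on precedence between the two names, and leaving a blank line between the closing code fence and the note to match the spacing used elsewhere in this section.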
Expand Down Expand Up @@ -344,7 +347,7 @@ Use these variables to set the ownership and permissions for the Authorized Prin
The SSH server needs this information stored in files so in addition to the above variables, respective configuration options `TrustedUserCAKeys` (mandatory) and `AuthorizedPrincipalsFile` (optional) need to be present the `sshd` dictionary when invoking the role. For example:

```yaml
sshd:
sshd_config:
TrustedUserCAKeys: /etc/ssh/path-to-trusted-user-ca-keys/trusted-user-ca-keys.pub
AuthorizedPrincipalsFile: "/etc/ssh/path-to-auth-principals/auth_principals/%u"
```
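Review bot: The sentence introducing this example still tells readers the options "need to be present the `sshd` dictionary", while the example directly below it now uses `sshd_config`. Update that sentence in the same change so it names `sshd_config` (and add the missing "in": "present in the `sshd_config` dictionary"), otherwise the prose keeps steering users of `TrustedUserCAKeys` and `AuthorizedPrincipalsFile` toward the deprecated variable.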
Expand All @@ -370,7 +373,7 @@ provides. Running it will likely break your SSH access to the server!
- hosts: all
vars:
sshd_skip_defaults: true
sshd:
sshd_config:
Compression: true
ListenAddress:
- "0.0.0.0"
Expand Down Expand Up @@ -413,7 +416,7 @@ for example:
name: willshersystems.sshd
vars:
sshd_skip_defaults: true
sshd:
sshd_config:
Compression: true
ListenAddress:
- "0.0.0.0"
Expand All @@ -440,7 +443,7 @@ option:
name: willshersystems.sshd
vars:
sshd_config_namespace: accept-env
sshd:
sshd_config:
# there are some handy environment variables to accept
AcceptEnv:
LANG
2 changes: 1 addition & 1 deletion examples/example-accept-env.yml
Expand Up @@ -7,7 +7,7 @@
name: ansible-sshd
vars:
sshd_config_namespace: accept-env
sshd:
sshd_config:
# there are some handy environment variables to accept
AcceptEnv:
LANG
2 changes: 1 addition & 1 deletion examples/example-root-login.yml
Expand Up @@ -6,7 +6,7 @@
ansible.builtin.include_role:
name: ansible-sshd
vars:
sshd:
sshd_config:
# root login and password login is enabled only from a particular subnet
PermitRootLogin: false
PasswordAuthentication: false
2 changes: 1 addition & 1 deletion examples/example-use-certificates.yml
Expand Up @@ -6,7 +6,7 @@
ansible.builtin.include_role:
name: ansible-sshd
vars:
sshd:
sshd_config:
# Disable password authentication, use SSH Certificates and configure authorized principals
PasswordAuthentication: false
TrustedUserCAKeys: /etc/ssh/trusted-user-ca-keys.pub

0 comments on commit 82e6eb7