From 82e6eb7a9ed8b58dcbabd5f49baeccd2d9c3e56e Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 13 Sep 2024 18:31:14 +0100 Subject: [PATCH] docs: Update sshd vars references to sshd_config --- README.md | 15 +++++++++------ examples/example-accept-env.yml | 2 +- examples/example-root-login.yml | 2 +- examples/example-use-certificates.yml | 2 +- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c996180d..f4eb3779 100644 --- a/README.md +++ b/README.md @@ -130,17 +130,20 @@ NOTE: `sshd_manage_selinux` is limited to *adding* policy. It cannot be used for *removing* policy. If you want to remove ports, you will need to use the selinux system role directly. -#### sshd +#### sshd_config A dict containing configuration. e.g. ```yaml -sshd: +sshd_config: Compression: delayed ListenAddress: - 0.0.0.0 ``` +*Note*: This variable was previous called `sshd`. `sshd` is can still be used +but is deprecated and will be removed in a future release. + #### sshd_`` Simple variables can be used rather than a dict. Simple values override dict @@ -344,7 +347,7 @@ Use these variables to set the ownership and permissions for the Authorized Prin The SSH server needs this information stored in files so in addition to the above variables, respective configuration options `TrustedUserCAKeys` (mandatory) and `AuthorizedPrincipalsFile` (optional) need to be present the `sshd` dictionary when invoking the role. For example: ```yaml -sshd: +sshd_config: TrustedUserCAKeys: /etc/ssh/path-to-trusted-user-ca-keys/trusted-user-ca-keys.pub AuthorizedPrincipalsFile: "/etc/ssh/path-to-auth-principals/auth_principals/%u" ``` @@ -370,7 +373,7 @@ provides. Running it will likely break your SSH access to the server! - hosts: all vars: sshd_skip_defaults: true - sshd: + sshd_config: Compression: true ListenAddress: - "0.0.0.0" @@ -413,7 +416,7 @@ for example: name: willshersystems.sshd vars: sshd_skip_defaults: true - sshd: + sshd_config: Compression: true ListenAddress: - "0.0.0.0" @@ -440,7 +443,7 @@ option: name: willshersystems.sshd vars: sshd_config_namespace: accept-env - sshd: + sshd_config: # there are some handy environment variables to accept AcceptEnv: LANG diff --git a/examples/example-accept-env.yml b/examples/example-accept-env.yml index b5a800a7..f2bac8ed 100644 --- a/examples/example-accept-env.yml +++ b/examples/example-accept-env.yml @@ -7,7 +7,7 @@ name: ansible-sshd vars: sshd_config_namespace: accept-env - sshd: + sshd_config: # there are some handy environment variables to accept AcceptEnv: LANG diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml index e47e6c27..1f6b8184 100644 --- a/examples/example-root-login.yml +++ b/examples/example-root-login.yml @@ -6,7 +6,7 @@ ansible.builtin.include_role: name: ansible-sshd vars: - sshd: + sshd_config: # root login and password login is enabled only from a particular subnet PermitRootLogin: false PasswordAuthentication: false diff --git a/examples/example-use-certificates.yml b/examples/example-use-certificates.yml index 59dd00e4..dadae294 100644 --- a/examples/example-use-certificates.yml +++ b/examples/example-use-certificates.yml @@ -6,7 +6,7 @@ ansible.builtin.include_role: name: ansible-sshd vars: - sshd: + sshd_config: # Disable password authentication, use SSH Certificates and configure authorized principals PasswordAuthentication: false TrustedUserCAKeys: /etc/ssh/trusted-user-ca-keys.pub