44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
|
diff --git a/README.md b/README.md
|
||
|
index 676ad72..dc06d85 100644
|
||
|
--- a/README.md
|
||
|
+++ b/README.md
|
||
|
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
|
||
|
the service is able to start on the first attempt. To disable this check, set
|
||
|
this to empty list.
|
||
|
|
||
|
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
|
||
|
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
|
||
|
|
||
|
Use these variables to set the ownership and permissions for the host keys from
|
||
|
the above list.
|
||
|
@@ -273,6 +273,8 @@ for example:
|
||
|
X11Forwarding: yes
|
||
|
```
|
||
|
|
||
|
+More example playbooks can be found in [`examples/`](examples/) directory.
|
||
|
+
|
||
|
Template Generation
|
||
|
-------------------
|
||
|
|
||
|
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
|
||
|
new file mode 100644
|
||
|
index 0000000..156e629
|
||
|
--- /dev/null
|
||
|
+++ b/examples/example-root-login.yml
|
||
|
@@ -0,0 +1,15 @@
|
||
|
+---
|
||
|
+- hosts: all
|
||
|
+ tasks:
|
||
|
+ - name: Configure sshd to prevent root and password login except from particular subnet
|
||
|
+ include_role:
|
||
|
+ name: ansible-sshd
|
||
|
+ vars:
|
||
|
+ sshd:
|
||
|
+ # root login and password login is enabled only from a particular subnet
|
||
|
+ PermitRootLogin: no
|
||
|
+ PasswordAuthentication: no
|
||
|
+ Match:
|
||
|
+ - Condition: "Address 192.0.2.0/24"
|
||
|
+ PermitRootLogin: yes
|
||
|
+ PasswordAuthentication: yes
|