rhel-system-roles/sshd-example.diff

44 lines
1.4 KiB
Diff
Raw Normal View History

diff --git a/README.md b/README.md
index 676ad72..dc06d85 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
the service is able to start on the first attempt. To disable this check, set
this to empty list.
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
Use these variables to set the ownership and permissions for the host keys from
the above list.
@@ -273,6 +273,8 @@ for example:
X11Forwarding: yes
```
+More example playbooks can be found in [`examples/`](examples/) directory.
+
Template Generation
-------------------
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
new file mode 100644
index 0000000..156e629
--- /dev/null
+++ b/examples/example-root-login.yml
@@ -0,0 +1,15 @@
+---
+- hosts: all
+ tasks:
+ - name: Configure sshd to prevent root and password login except from particular subnet
+ include_role:
+ name: ansible-sshd
+ vars:
+ sshd:
+ # root login and password login is enabled only from a particular subnet
+ PermitRootLogin: no
+ PasswordAuthentication: no
+ Match:
+ - Condition: "Address 192.0.2.0/24"
+ PermitRootLogin: yes
+ PasswordAuthentication: yes