f6ce71d308
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/linux-system-roles.git#490700ef996ddf949520cb4c0fedd290cc657aed
44 lines
1.4 KiB
Diff
44 lines
1.4 KiB
Diff
diff --git a/README.md b/README.md
|
|
index 676ad72..dc06d85 100644
|
|
--- a/README.md
|
|
+++ b/README.md
|
|
@@ -190,7 +190,7 @@ defaults. This is useful if the role is used in deployment stage to make sure
|
|
the service is able to start on the first attempt. To disable this check, set
|
|
this to empty list.
|
|
|
|
-* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group`
|
|
+* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_mode`
|
|
|
|
Use these variables to set the ownership and permissions for the host keys from
|
|
the above list.
|
|
@@ -273,6 +273,8 @@ for example:
|
|
X11Forwarding: yes
|
|
```
|
|
|
|
+More example playbooks can be found in [`examples/`](examples/) directory.
|
|
+
|
|
Template Generation
|
|
-------------------
|
|
|
|
diff --git a/examples/example-root-login.yml b/examples/example-root-login.yml
|
|
new file mode 100644
|
|
index 0000000..156e629
|
|
--- /dev/null
|
|
+++ b/examples/example-root-login.yml
|
|
@@ -0,0 +1,15 @@
|
|
+---
|
|
+- hosts: all
|
|
+ tasks:
|
|
+ - name: Configure sshd to prevent root and password login except from particular subnet
|
|
+ include_role:
|
|
+ name: ansible-sshd
|
|
+ vars:
|
|
+ sshd:
|
|
+ # root login and password login is enabled only from a particular subnet
|
|
+ PermitRootLogin: no
|
|
+ PasswordAuthentication: no
|
|
+ Match:
|
|
+ - Condition: "Address 192.0.2.0/24"
|
|
+ PermitRootLogin: yes
|
|
+ PasswordAuthentication: yes
|