diff --git a/.README.html b/.README.html new file mode 100644 index 0000000..a9ad661 --- /dev/null +++ b/.README.html @@ -0,0 +1,277 @@ + + + + + + + + ssh + + + + + + +
+
+

ssh

+
+
+ +
+

An Ansible role for managing ssh clients configuration.

+

Requirements

+

This role should work on any system that provides openssh client and +is supported by ansible. The role was tested on:

+ +

Role Variables

+

By default, the role should not modify the system configuration and +generate global ssh_config that matches OS default (the +generated configuration does not keep comments and order of the +options).

+

ssh_user

+

By default (null) the role will modify the global +configuration for all users. Other values will be interpreted as a +username and the role will modify per-user configuration stored under +~/.ssh/config of the given user. The user needs to exist +before invoking this role otherwise it will fail.

+

ssh_skip_defaults

+

By default (auto), the role writes the system-wide +configuration file /etc/ssh/ssh_config and keeps OS +defaults defined there (true). This is automatically disabled, +when a drop-in configuration file is created +(ssh_drop_in_name!=null) or when per-user configuration +file is created (ssh_user!=null).

+

ssh_drop_in_name

+

This defines the name for the drop-in configuration file to be placed +in system-wide drop-in directory. The name is used in the template +/etc/ssh/ssh_config.d/{name}.conf to reference the +configuration file to be modified. If the system does not support +drop-in directory, setting this option will make the play fail. Default +is null if the system does not support drop in directory +and 00-ansible otherwise.

+

The suggested format is NN-name, where NN +is two-digit number used for sorting the and name is any +descriptive name for the content or the owner of the file.

+

ssh dict

+

A dict containing configuration options and respective values. See +example below.

+ +

Simple variables consisting of the option name prefixed with +ssh_ can be used rather than a dict above. The simple +variable overrides values in dict above.

+

ssh_additional_packages

+

This role automatically installs packages needed for most common use +cases on given platform. If some additional packages need to be +installed (for example openssh-keysign for host-based +authentication), they can be specified in this variable.

+

ssh_config_file

+

The configuration file that will be written by this role. The default +is defined by template /etc/ssh/ssh_config.d/{name}.conf if +system has drop-in directory or /etc/ssh/ssh_config +otherwise. If ssh_user!=null, the default is +~/.ssh/config.

+

To write /etc/ssh/ssh_config even if a drop-in directory +is supported, set ssh_drop_in_name to +null.

+

ssh_config_owner, +ssh_config_group, ssh_config_mode

+

The owner, group and mode of the created configuration file. The +files are owned by root:root with mode 0644 by +default, unless ssh_user!=null. In that case, the mode is +0600 and owner and group are derived from username given in +ssh_user variable.

+

ssh_backup

+

When set to false, the original ssh_config file +is not backed up. Default is true.

+

Example Playbook

+

The following playbook configures the root user ssh +configuration in his

+ + +

home directory to use compression, control-master multiplexing and +enable GSSAPI authentication in the "match final all" block. +Additionally, it creates alias "example" for connecting to the +example.com host as a user somebody. The last line disables X11 +forwarding.

+
- name: Manage ssh clients
+  hosts: all
+  tasks:
+  - name: Configure ssh clients
+    include_role:
+      name: linux-system-roles.ssh
+    vars:
+      ssh_user: root
+      ssh:
+        Compression: true
+        # wokeignore:rule=master
+        ControlMaster: auto
+        ControlPath: ~/.ssh/.cm%C
+        Match:
+          - Condition: "final all"
+            GSSAPIAuthentication: true
+        Host:
+          - Condition: example
+            Hostname: example.com
+            User: somebody
+      ssh_ForwardX11: false
+

More examples are in the examples/ directory.

+

License

+

LGPLv3, see the file LICENSE for more information.

+

Author Information

+

Jakub Jelen, 2021 - 2023

+
+ + diff --git a/CHANGELOG.md b/CHANGELOG.md index 3710954..e661cea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,40 @@ Changelog ========= +[1.2.2] - 2023-09-07 +-------------------- + +### Other Changes + +- ci: Add markdownlint, test_html_build, and build_docs workflows (#108) + + - markdownlint runs against README.md to avoid any issues with + converting it to HTML + - test_converting_readme converts README.md > HTML and uploads this test + artifact to ensure that conversion works fine + - build_docs converts README.md > HTML and pushes the result to the + docs branch to publish dosc to GitHub pages site. + - Fix markdown issues in README.md + + Signed-off-by: Sergei Petrosian + +- docs: Make badges consistent, run markdownlint on all .md files (#109) + + - Consistently generate badges for GH workflows in README RHELPLAN-146921 + - Run markdownlint on all .md files + - Add custom-woke-action if not used already + - Rename woke action to Woke for a pretty badge + + Signed-off-by: Sergei Petrosian + +- ci: Remove badges from README.md prior to converting to HTML (#110) + + - Remove thematic break after badges + - Remove badges from README.md prior to converting to HTML + + Signed-off-by: Sergei Petrosian + + [1.2.1] - 2023-07-19 --------------------
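Review bot: `.README.html` is added as a new 277-line file (`new file mode 100644`, `@@ -0,0 +1,277 @@`), but it looks like a generated artifact rather than source. The 1.2.2 changelog entry in this same patch says the README.md to HTML conversion is uploaded as a test artifact or pushed to the docs branch, so the rendered copy should not need to live in the main tree. Suggest dropping the file from the commit and ignoring it (for example a `.README.html` entry in `.gitignore`) so the rendered copy cannot drift from README.md. If it is kept deliberately, the sentence under ssh_drop_in_name reading "two-digit number used for sorting the and name is any descriptive name" is missing a word and should be fixed in README.md before regenerating.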
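Review bot: In the CHANGELOG.md hunk, the #108 entry names the workflows inconsistently: the title line lists "markdownlint, test_html_build, and build_docs", while the bullet below describes "test_converting_readme". Use whichever name the workflow actually carries in both places. The build_docs bullet also has a typo, "publish dosc to GitHub pages site", which should read "docs". Minor style point: the hunk adds two blank lines before the `[1.2.1] - 2023-07-19` heading where the new `[1.2.2]` heading is preceded by none, so the spacing between releases is uneven.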