Update 'readme.md'

Vladimir Smagin 2 months ago
parent
commit
89a8cd11cd
1 changed files with 1 additions and 54 deletions
readme.md

@@ -2,61 +2,7 @@
2 2
 
3 3
 Installation: ```git clone https://git.blindage.org/21h/ansible-ssh-management.git```
4 4
 
5
-Now you can configure your security with this simple ansible playbook. Remember that dicts in parent group merges with dicts in child groups. 
6
-
7
-Infrastructure:
8
-
9
-```
10
-             |- hetzner-balancers
11
-             |- hetzner-nodes
12
-```
13
-
14
-All servers will be available to the administrator and assistant, servers must have own internal key for files copying. Configuring parent ```hetzner```group:
15
-
16
-```
17
-    access_list:
18
-      admin: { keypath: "../keys/admin.pub", username: "root" }
19
-      techguy: { keypath: "../keys/techguy.pub", username: "root" }
20
-      interserver: { keypath: "../keys/interserver.pub", username: "root" }
21
-
22
-    secret_list:
23
-      interserver: { keypath: "../keys/interserver.pem", username: "root" }
24
-```
25
-
26
-You want to make additional access to all nodes for developer guy. Configuring child ```hetzner-nodes``` group:
27
-
28
-```
29
-    access_list:
30
-      developer: { keypath: "../keys/developer.pub", username: "dev" }
31
-```
32
-
33
-Some stupid manager ruined your day, now you want to stop him
34
-
35
-```
36
-    access_list:
37
-      admin: { keypath: "../keys/admin.pub", username: "root" }
38
-      techguy: { keypath: "../keys/techguy.pub", username: "root" }
39
-      stupid_manager: { keypath: "../keys/stupid_manager.pub", username: "ubuntu", key_state: "absent" }
40
-```
41
-
42
-You can set additional SSHd options like code below, see defaults of ssh_config role.
43
-
44
-```
45
-sshd_config_path: "/etc/ssh/sshd_config"
46
-
47
-sshd_options:
48
-  PubkeyAuthentication: "yes"
49
-  PasswordAuthentication: "no"
50
-```
51
-
52
-No need to make additional config for ```hetzner-balancers``` because access list will be inherited, only admins accessible.
53
-
54
-**Using master key**
55
-
56
-Warning! Playbook will delete all public keys in root's ```.ssh/authorized_keys``` file and setup own **super** key, only after this public keys in group_vars and host_vars will be added into assigned users ```.ssh/authorized_keys``` files. If you do not want to lost already installed pubkeys then add all of them to this playbook before first run.
57
-
58
-**Security issue!** You need to generate your own super key! Run ```ssh-keygen -f superkey``` and replace keys in ```secret/``` directory. DO NOT USE DEMO KEY!
5
+Read documentation on wiki pages here https://git.blindage.org/21h/ansible-ssh-management/wiki/
59 6
 
60 7
 
61 8
 ---
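Review bot: Removed lines 56-58 are the only place the readme says the playbook deletes every public key in root's `.ssh/authorized_keys` and that the demo key in `secret/` must be replaced, and after this change someone who follows the unchanged `git clone` line at the top gets no hint of either before a first run. Keep a short warning in readme.md next to the new wiki link, at minimum the "DO NOT USE DEMO KEY!" instruction with `ssh-keygen -f superkey` and the note about existing pubkeys being wiped, and leave the detailed `access_list` / `secret_list` / `sshd_options` examples to the wiki. The same goes for the `key_state: "absent"` revocation example from removed line 39, which is worth one sentence in the readme since it is how access is withdrawn. Minor: the added line 5 is a bare URL with no closing punctuation; a markdown link would render more cleanly.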
