
Change 'hardened_ssl' parameter to simply 'hardened', this makes more
sense in general

Micah Anderson 9 years ago
parent
commit
fd82841c1f

+ 6 - 2
README.md

@@ -4,6 +4,10 @@
 
 This puppet module manages OpenSSH configuration and services.
 
+**!! Upgrade Notice (05/2015) !!**
+
+The hardened_ssl parameter name was changed to simply 'hardened'.
+
 **!! Upgrade Notice (01/2013) !!**
 
 This module now uses parameterized classes, where it used global variables
@@ -179,8 +183,8 @@ The following is a list of the currently available variables:
     Set this to the location of the AuthorizedKeysFile
     (e.g. `/etc/ssh/authorized_keys/%u`). Default: `AuthorizedKeysFile
     %h/.ssh/authorized_keys`
-  - `hardened_ssl`
-    Use only strong SSL ciphers and MAC.
+  - `hardened`
+    Use only strong ciphers, MAC, KexAlgorithms, etc.
     Values:
     - `no` (default)
     - `yes`

+ 1 - 1
manifests/init.pp

@@ -40,7 +40,7 @@ class sshd(
     OpenBSD => '%h/.ssh/authorized_keys',
     default => '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2',
   },
-  $hardened_ssl = 'no',
+  $hardened = 'no',
   $sftp_subsystem = '',
   $head_additional_options = '',
   $tail_additional_options = '',
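Review bot: Renaming the class parameter to `$hardened = 'no'` leaves no migration path for nodes that still set the old name, and the default is the unhardened value. A resource-style declaration that passes `hardened_ssl` should fail at compile time, but a value supplied through Hiera automatic parameter lookup (`sshd::hardened_ssl`) would presumably just stop being read, so those hosts would fall back to 'no' without any error. Consider keeping a deprecated `$hardened_ssl = undef,` in the parameter list and adding `if $hardened_ssl != undef { fail('sshd::hardened_ssl was renamed to sshd::hardened') }` to the class body, which lies outside this hunk.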

+ 1 - 1
templates/sshd_config/CentOS_6.erb

@@ -150,7 +150,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>
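Review bot: The block guarded by `sshd::hardened` still emits only `Ciphers aes256-ctr` and `MACs hmac-sha1`, which does not match the README text added in this commit ("strong ciphers, MAC, KexAlgorithms, etc."), because no `KexAlgorithms` line is written and HMAC-SHA1 is the only MAC offered. The same two lines appear in the CentOS_7, Debian_jessie, Debian_sid, Debian_squeeze, Debian_wheezy, FreeBSD, Gentoo, OpenBSD, Ubuntu and Ubuntu_lucid templates. Where the platform's OpenSSH supports them, prefer `MACs hmac-sha2-512,hmac-sha2-256` and add an explicit `KexAlgorithms` line; on releases that cannot, narrow the README wording so operators do not assume key exchange is restricted. The rest of each template lies outside these hunks, so this is based on the visible context lines only.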

+ 1 - 1
templates/sshd_config/CentOS_7.erb

@@ -164,7 +164,7 @@ AllowGroups <%= s %>
 #Host *.local
 #  CheckHostIP no
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Debian_jessie.erb

@@ -111,7 +111,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Debian_sid.erb

@@ -111,7 +111,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Debian_squeeze.erb

@@ -115,7 +115,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Debian_wheezy.erb

@@ -114,7 +114,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/FreeBSD.erb

@@ -152,7 +152,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Gentoo.erb

@@ -147,7 +147,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/OpenBSD.erb

@@ -128,7 +128,7 @@ AllowGroups <%= s %>
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Ubuntu.erb

@@ -115,7 +115,7 @@ AllowUsers <%= s %>
 AllowGroups <%= s %>
 <%- end -%>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>

+ 1 - 1
templates/sshd_config/Ubuntu_lucid.erb

@@ -118,7 +118,7 @@ AllowGroups <%= s %>
 
 PrintMotd <%= scope.lookupvar('sshd::print_motd') %>
 
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <% end -%>