opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Change 'hardened_ssl' paramter to simply 'hardened', this makes more

Browse source 
sense in general
This commit is contained in:
Micah Anderson 2015-05-01 12:45:14 -04:00
parent b5e16ec064
commit fd82841c1f
13 changed files with 18 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -4,6 +4,10 @@
This puppet module manages OpenSSH configuration and services. This puppet module manages OpenSSH configuration and services.
**!! Upgrade Notice (05/2015) !!**
The hardened_ssl parameter name was changed to simply 'hardened'.
**!! Upgrade Notice (01/2013) !!** **!! Upgrade Notice (01/2013) !!**
This module now uses parameterized classes, where it used global variables This module now uses parameterized classes, where it used global variables
@ -179,8 +183,8 @@ The following is a list of the currently available variables:
Set this to the location of the AuthorizedKeysFile Set this to the location of the AuthorizedKeysFile
(e.g. `/etc/ssh/authorized_keys/%u`). Default: `AuthorizedKeysFile (e.g. `/etc/ssh/authorized_keys/%u`). Default: `AuthorizedKeysFile
%h/.ssh/authorized_keys` %h/.ssh/authorized_keys`
- `hardened_ssl` - `hardened`
Use only strong SSL ciphers and MAC. Use only strong ciphers, MAC, KexAlgorithms, etc.
Values: Values:
- `no` (default) - `no` (default)
- `yes` - `yes`

2
manifests/init.pp
View file

@ -40,7 +40,7 @@ class sshd(
OpenBSD => '%h/.ssh/authorized_keys', OpenBSD => '%h/.ssh/authorized_keys',
default => '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2', default => '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2',
}, },
$hardened_ssl = 'no', $hardened = 'no',
$sftp_subsystem = '', $sftp_subsystem = '',
$head_additional_options = '', $head_additional_options = '',
$tail_additional_options = '', $tail_additional_options = '',

2
templates/sshd_config/CentOS_6.erb
View file

@ -150,7 +150,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/CentOS_7.erb
View file

@ -164,7 +164,7 @@ AllowGroups <%= s %>
#Host *.local #Host *.local
# CheckHostIP no # CheckHostIP no
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Debian_jessie.erb
View file

@ -111,7 +111,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Debian_sid.erb
View file

@ -111,7 +111,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Debian_squeeze.erb
View file

@ -115,7 +115,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Debian_wheezy.erb
View file

@ -114,7 +114,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/FreeBSD.erb
View file

@ -152,7 +152,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Gentoo.erb
View file

@ -147,7 +147,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/OpenBSD.erb
View file

@ -128,7 +128,7 @@ AllowGroups <%= s %>
# AllowTcpForwarding no # AllowTcpForwarding no
# ForceCommand cvs server # ForceCommand cvs server
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Ubuntu.erb
View file

@ -115,7 +115,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %> AllowGroups <%= s %>
<%- end -%> <%- end -%>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>

2
templates/sshd_config/Ubuntu_lucid.erb
View file

@ -118,7 +118,7 @@ AllowGroups <%= s %>
PrintMotd <%= scope.lookupvar('sshd::print_motd') %> PrintMotd <%= scope.lookupvar('sshd::print_motd') %>
<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> <% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr Ciphers aes256-ctr
MACs hmac-sha1 MACs hmac-sha1
<% end -%> <% end -%>