提交線圖

19 個提交

作者 SHA1 備註 日期
mh
5b86606d59 correct variable naming 2012-06-18 17:43:48 -03:00
mh
2204eb01f6 new style for 2.7 2012-06-05 18:23:03 -03:00
Silvio Rhatto
0e9e1b6f2c Adding PrintMotd parameter to all templates and setting per-distro default value 2011-07-21 11:01:33 -03:00
Silvio Rhatto
57d8883d48 Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job 2011-07-13 18:41:59 -03:00
Silvio Rhatto
99928cd61e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-07-13 18:39:18 -03:00
intrigeri
34863e959f New opt-in support to only use strong SSL ciphers and MACs.
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-06-21 00:27:55 +02:00
Silvio Rhatto
75105d66d8 Adding sshd_use_strong_ciphers to all sshd_config templates 2011-02-23 14:40:02 -03:00
Silvio Rhatto
9ac4697eb5 Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS 2011-02-23 14:25:18 -03:00
Micah Anderson
ac240412cc remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used 2011-02-21 12:45:49 -05:00
Silvio Rhatto
474b23271d Merge branch 'master' of git://labs.riseup.net/shared-sshd
Conflicts:
	templates/sshd_config/Debian_squeeze.erb
2011-02-19 18:08:02 -02:00
intrigeri
2f7903bcc4 Merge remote branch 'shared/master'
Conflicts:
	templates/sshd_config/Debian_squeeze.erb

I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
2011-02-14 17:17:31 +01:00
Silvio Rhatto
ac30247bf9 Perfect forward secrecy config at squeeze template 2011-02-13 18:42:36 -02:00
Micah Anderson
2188f46db7 fix debian squeeze sshd_config template to add a missing newline 2010-12-20 14:18:30 -05:00
Micah Anderson
0ec0562257 remote KerberosGetAFSToken, its actually not a functional configuration option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238) 2010-12-15 20:38:07 -05:00
Micah Anderson
72e24df3b6 add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified 2010-12-14 13:22:43 -05:00
intrigeri
8cb562f87c Syntax fix. 2010-10-16 22:32:25 +02:00
intrigeri
a643172a79 New option sshd_ports that obsoletes sshd_port.
Backward compatibility is preserved.
2010-10-16 16:05:00 +02:00
intrigeri
23efb583bf Cleanup templates: sshd_port is guaranteed by init.pp not to be empty. 2010-10-16 16:01:24 +02:00
intrigeri
b9a8b7b3df Add template for Debian Squeeze. 2010-10-03 19:56:48 +02:00