Antoine Beaupré
6ea0beb114
disable autossh control port
this is important to make it easier to guess the ssh port from the
central server.
we rely on ServerAliveInterval instead to reconnect when we lose the
server.
this was unintentionally removed in november 2012 in the isuma-autossh
package, saying it was "not supported everywhere" and due to some
confusion about the defaults (defaults are to *enable* the port). see
commit ec0ebdd9533a29ee4f62f9fbb84ee9e80219ef84 in there.
2015-06-18 17:15:28 -04:00
Antoine Beaupré
7b99c89edf
make autossh fork properly
2015-06-18 17:15:28 -04:00
Antoine Beaupré
cb9bceb04e
allow customizing user
2015-06-18 17:15:27 -04:00
Antoine Beaupré
7a18ca3c8f
rewrite autossh startup script with dh_make template
2015-06-18 17:14:59 -04:00
Antoine Beaupré
baf0a425d2
remove traces of isuma vendor
2015-06-18 17:11:21 -04:00
Antoine Beaupré
72b4eadc2d
import from autossh package
2015-06-18 17:11:21 -04:00
Jerome Charaoui
1f6803708a
Add newline to ssh_authorized_key file content
2015-05-21 13:20:38 -04:00
Jerome Charaoui
feeb9400e5
Simplify ssh_authorized_key
2015-05-21 13:19:40 -04:00
Jerome Charaoui
cbfa047a71
Revert "Simplify ssh_authorized_key"
puppet-lint complains about "selector inside resource"
This reverts commit f3c0115743.
2015-05-21 13:12:18 -04:00
Jerome Charaoui
f3c0115743
Simplify ssh_authorized_key
2015-05-21 10:29:03 -04:00
Jerome Charaoui
4c87f6bd1e
Add header to ssh_authorized_key when override_builtin = 1
2015-05-21 10:17:52 -04:00
Jerome Charaoui
383f919ebb
Fix invalid single quotes around variables
2015-05-21 09:58:38 -04:00
Matt Taggart
e60fb9a027
add override_builtin parameter to handle the common authorized_key directory case
2015-05-20 14:55:09 -07:00
Micah Anderson
fd82841c1f
Change 'hardened_ssl' parameter to simply 'hardened', this makes more
sense in general
2015-05-04 15:42:26 -04:00
Antoine Beaupré
d4923b2c3a
Merge branch 'hostkey_type' into 'master'
Hostkey type
This is the pull request associated with: https://labs.riseup.net/code/issues/8285
See merge request !6
2015-04-17 18:43:16 +00:00
Jerome Charaoui
45892056cd
Debian squeeze and wheezy do not support the operatingsystemmajrelease fact (they ship facter 1.6.x)
2015-01-15 16:49:35 -05:00
Micah Anderson
d78749fd8f
Add a $hostkey_type variable that allows you to set which hostkey
types you want to support in your sshd_config.
We use the ssh_version fact to determine the default hostkey types.
Only enable rsa and ed25519 for ssh versions greater or equal
to 6.5, otherwise enable rsa and dsa.
Some distributions, such as debian, also enable ecdsa as a hostkey
type, but this is a known bad NIST curve, so we do not enable that
by default (thus deviating from the stock sshd config)
2014-11-21 21:20:29 -05:00
mh
1f6f568930
move to os release number on centos for selection
2014-08-15 10:22:40 +02:00
mh
f19d1718b4
Openbsd also does not yet have it
2014-06-10 19:41:50 +02:00
mh
88c58b307c
EL 6 also does not have this option yet
2014-06-10 19:28:19 +02:00
mh
4b7fc1a695
linting a document
2014-06-10 18:31:11 +02:00
mh
0f9315b4f3
not all versions support the new default
2014-06-10 18:29:47 +02:00
mh
cd783ad5eb
Merge remote-tracking branch 'shared/master'
Conflicts:
manifests/init.pp
2014-06-10 11:25:16 +02:00
Micah Anderson
5c23b33200
update $authorized_keys_file variable default to be the default is
documented by sshd_config(5)
2014-05-27 16:43:47 -04:00
Micah Anderson
6b1044a0c7
add the ability to override the automatic inclusion of the sshd_client
2014-05-27 16:42:59 -04:00
mh
fb60c0c0c9
linting
2014-03-14 10:36:24 +01:00
mh
afb8ec7103
remove unnecessary param
2014-03-14 10:35:02 +01:00
Tomas Barton
59f1623786
renamed ipaddress_fact to sshkey_ipaddres
2014-02-21 14:37:55 +01:00
Tomas Barton
e2a69e56a1
too tired to type
2014-02-14 01:48:40 +01:00
Tomas Barton
2f12205c6b
fixed variable name
2014-02-14 01:44:54 +01:00
Tomas Barton
a6a05cd9fc
custom ip address fact
2014-02-14 01:24:15 +01:00
Tomas Barton
bf425e96b1
validate parameters
2014-01-27 00:16:27 +01:00
Tomas Barton
bf16ec7bc7
removed lsb-release package
2014-01-27 00:14:34 +01:00
Tomas Barton
9dc5a1db18
removed special no-restart status for etch
2014-01-27 00:04:33 +01:00
Tomas Barton
5ce0dcda97
client spec
2014-01-26 18:26:34 +01:00
Tomas Barton
035161ef16
basic init class specs
2014-01-26 18:26:34 +01:00
Tomas Barton
78f1ff00d0
replaces shared-lsb by puppetlabs/stdlib
2014-01-26 18:26:34 +01:00
mh
a3aeb0d573
rather match the correct service than the parent pid
the last approach only matched if someone was logged in
with ssh. :/
2013-05-29 23:46:37 +02:00
Yoann Laissus
3c30e95985
Nagios disabled by default
2013-05-29 23:21:46 +02:00
mh
be062f00e2
on newer puppet version the openbsd service provider changed slightly making this necessary
2013-05-20 20:44:15 +02:00
Michael Moll
7743650cde
style fixes
silence puppet-lint
2013-02-03 00:30:54 +01:00
mh
d4db185c3f
migrate away from hiera stuff
2012-06-13 21:52:44 -03:00
mh
2204eb01f6
new style for 2.7
2012-06-05 18:23:03 -03:00
mh
cb7cd9e314
Merge remote-tracking branch 'shared/master'
2011-07-29 19:31:41 +02:00
Silvio Rhatto
0e9e1b6f2c
Adding PrintMotd parameter to all templates and setting per-distro default value
2011-07-21 11:01:33 -03:00
Gabriel Filion
69c8085470
Provide a default value for $sshd_shared_ip in sshd::client
Since it's possible to "include sshd::client" without using "include
sshd" (e.g. installing/managing ssh client but not the server) provide a
default value for $sshd_shared_ip also in the sshd::client class.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-17 00:21:44 -04:00
Gabriel Filion
6615426a49
Clean out $ssh_use_strong_ciphers
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp
Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:49:11 -04:00
Silvio Rhatto
99928cd61e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-07-13 18:39:18 -03:00
Micah Anderson
779d27e0ae
Merge remote-tracking branch 'lelutin/freebsd'
2011-06-21 11:46:42 -04:00
intrigeri
34863e959f
New opt-in support to only use strong SSL ciphers and MACs.
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git .
2011-06-21 00:27:55 +02:00