15 commits

Author SHA1 Message Date
Matt Taggart
b682edaae3 disable the debian/ubuntu package version from being sent to clients 2015-05-22 16:37:03 -07:00
Jerome Charaoui
ac6e09ecde Adjust variable lookup in templates to silence deprecation warnings, fixes #1 2015-05-07 11:34:07 -04:00
Micah Anderson
e4a9c15987 Implement enhanced MAC (Message Authentication Codes) according to
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html
2015-05-04 15:42:26 -04:00
Micah Anderson
1402e67b21 Implement enhanced symmetric cipher selection, based on
https://stribika.github.io/2015/01/04/secure-secure-shell.html and
version of openssh installed
2015-05-04 15:42:26 -04:00
Micah Anderson
430c48200e Implement KexAlgorithms settings, based on Key exchange section of
https://stribika.github.io/2015/01/04/secure-secure-shell.html

Note that on some systems it is uncertain if they will have a new
enough version of openssh installed, so on those a version test is done
to see before setting them.
2015-05-04 15:42:26 -04:00
Micah Anderson
fd82841c1f Change 'hardened_ssl' parameter to simply 'hardened', this makes more
sense in general
2015-05-04 15:42:26 -04:00
Micah Anderson
d78749fd8f Add a $hostkey_type variable that allows you to set which hostkey
types you want to support in your sshd_config.

We use the ssh_version fact to determine the default hostkey types.
Only enable rsa and ed25519 for ssh versions greater or equal
to 6.5, otherwise enable rsa and dsa.

Some distributions, such as debian, also enable ecdsa as a hostkey
type, but this is a known bad NIST curve, so we do not enable that
by default (thus deviating from the stock sshd config)
2014-11-21 21:20:29 -05:00
intrigeri
75117dd042 Resynchronize Debian sid template with the configuration file currently shipped by the package. 2014-09-17 20:43:45 +00:00
mh
5b86606d59 correct variable naming 2012-06-18 17:43:48 -03:00
mh
2204eb01f6 new style for 2.7 2012-06-05 18:23:03 -03:00
Silvio Rhatto
0e9e1b6f2c Adding PrintMotd parameter to all templates and setting per-distro default value 2011-07-21 11:01:33 -03:00
intrigeri
34863e959f New opt-in support to only use strong SSL ciphers and MACs.
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-06-21 00:27:55 +02:00
Micah Anderson
ac240412cc remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used 2011-02-21 12:45:49 -05:00
intrigeri
c99ff17b1f Resync Debian sid template with the Squeeze's one.
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid.
2011-02-21 18:29:25 +01:00
Gabriel Filion
abb8566742 Add sshd_config template for Debian sid
Debian's unstable branch currently has no template for sshd_config, and
thus cannot use the sshd class.

Add a template for Debian sid.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30 21:28:36 -05:00