Silvio Rhatto
0e9e1b6f2c
Adding PrintMotd parameter to all templates and setting per-distro default value
2011-07-21 11:01:33 -03:00
Silvio Rhatto
57d8883d48
Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job
2011-07-13 18:41:59 -03:00
Silvio Rhatto
99928cd61e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-07-13 18:39:18 -03:00
intrigeri
34863e959f
New opt-in support to only use strong SSL ciphers and MACs.
...
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git .
2011-06-21 00:27:55 +02:00
Silvio Rhatto
4d73d3784e
Changing strong cipher to aes128-crt
2011-02-23 14:46:20 -03:00
Silvio Rhatto
9ac4697eb5
Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS
2011-02-23 14:25:18 -03:00
Micah Anderson
ac240412cc
remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used
2011-02-21 12:45:49 -05:00
Silvio Rhatto
474b23271d
Merge branch 'master' of git://labs.riseup.net/shared-sshd
...
Conflicts:
templates/sshd_config/Debian_squeeze.erb
2011-02-19 18:08:02 -02:00
Silvio Rhatto
505692a72e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-02-13 15:13:10 -02:00
Silvio Rhatto
30a4593a05
Introducing perfect forward secrecy for SSH
2010-12-16 20:20:53 -02:00
Micah Anderson
167cf53271
"ChallengeResponseAuthentication no" was being hardcoded later in the Debian Lenny sshd_config template, even though we offer it as a variable. With this commit, the variable will actually work, rather than be overriden
2010-12-14 13:41:05 -05:00
mh
7e6d3af6f8
lenny already has AcceptEnv by default
2010-10-21 15:31:31 +02:00
intrigeri
8cb562f87c
Syntax fix.
2010-10-16 22:32:25 +02:00
intrigeri
a643172a79
New option sshd_ports that obsoletes sshd_port.
...
Backward compatibility is preserved.
2010-10-16 16:05:00 +02:00
intrigeri
23efb583bf
Cleanup templates: sshd_port is guaranteed by init.pp not to be empty.
2010-10-16 16:01:24 +02:00
intrigeri
0615dc635c
Actually allow enabling ChallengeResponseAuthentication on Debian Lenny.
2010-10-03 19:56:04 +02:00
Silvio Rhatto
bbc03d2c10
PrintMotd using default OpenSSH setting
2009-12-27 14:01:55 -02:00
Micah Anderson
93e2f4d4c0
Template out the possibility of specifying the key word 'off' to the
...
$sshd_port parameter, which simply puts a comment in front of that
option, rather than specifying it.
2009-07-07 20:55:13 -04:00
Micah Anderson
f44776cbbf
replace the sshd_additional_options variable with two, one called
...
sshd_head_additional_options and one called sshd_tail_additional_options.
the first puts the value at the beginning of the file, and the second at
the end.
This is necessary due to some option ordering requiring things to be
before others
2009-07-07 20:52:40 -04:00
Micah Anderson
78938cde2a
Fix location of default sftp-server on Debian, and uncomment the sftp
...
configuration line to get the sshd_config file defaults to be more
like the standard shipped defaults from Debian
2008-12-07 12:15:41 -05:00
Micah Anderson
1f25b213e1
Debian's sshd config typically has PrintMotd no set because its already printed via PAM.
...
Without it set, it is defaulted to 'yes', which results in the MOTD being printed twice, so
we return the Debian default configuration in this commit
2008-10-27 15:45:11 -04:00
mh
96bbe0adb8
new options, cleaned up real_ hack
...
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2527 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
2008-10-20 22:46:50 +00:00
mh
9ce186f5c3
merged with riseup
...
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
2008-09-29 22:37:26 +00:00