opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
278 commits 2 branches 0 tags 297 KiB
Commit graph

189 commits

Author SHA1 Message Date
intrigeri
ceb1280177 Bugfix 2010-10-18 19:13:59 +02:00
intrigeri
5fb8eb969b bugfix 2010-10-16 21:55:44 +02:00
intrigeri
ef093cafff bugfix 2010-10-16 21:54:24 +02:00
intrigeri
a643172a79 New option sshd_ports that obsoletes sshd_port. 
Backward compatibility is preserved.
 2010-10-16 16:05:00 +02:00
intrigeri
060703f6a2 sshd service has status and restart commands in post-etch Debian releases. 2010-10-13 23:48:39 +02:00
intrigeri
456e42b035 Simplify by using the config_file definition. 2010-10-04 22:03:49 +02:00
Silvio Rhatto
2c9e690d90 Using sshd::client::debian for ubuntu 2010-06-03 23:29:10 -03:00
Silvio Rhatto
5b77bf8123 Merge branch 'master' of git://labs.riseup.net/module_sshd 2010-02-25 14:52:32 -03:00
Micah Anderson
6b660a56a7 update nagios check_command to check ssh port. it was using ssh_port, it should be 'check_ssh_port' 2010-02-21 14:01:35 -05:00
Silvio Rhatto
1a26489a12 Renaming $sshd_internal_ip to $sshd_shared_ip 2010-01-30 21:32:12 -02:00
Silvio Rhatto
1e932ca927 Merge branch 'master' of git://labs.riseup.net/module_sshd 2009-12-28 11:18:54 -02:00
Micah Anderson
739c9d8e0e Merge remote branch 'lavamind/master' 2009-12-27 16:27:20 -05:00
Silvio Rhatto
83cc6e3ded Reverting last change 2009-12-27 17:04:12 -02:00
Silvio Rhatto
27bcf5e489 Always including sshd::client::base 2009-12-27 16:53:19 -02:00
Silvio Rhatto
3955383bb6 Using fqdn instead of hostname.domain 2009-12-27 16:30:14 -02:00
Silvio Rhatto
400476ebc7 Using sshrsakey instead of sshrsakey_key 2009-12-27 15:33:35 -02:00
Silvio Rhatto
1fd1d896a0 Introducing sshd_internal_ip variable 2009-12-27 14:23:51 -02:00
Silvio Rhatto
bbc03d2c10 PrintMotd using default OpenSSH setting 2009-12-27 14:01:55 -02:00
Micah Anderson
ea1a34bd79 update comments to include information about how to use the nagios 
checks and the pre-requirements
 2009-12-21 15:00:10 -05:00
Micah Anderson
6b602886ef fix the comments section so that the include isn't misleading. if you 
use 'include sshd::debian', then none of the variables are set, and you
will fail to parse the templates
 2009-12-19 03:30:16 -05:00
Jerome Charaoui
3c21e594e6 remove fqdn from nagios service description (hostname is used in the internal nagios_service name) 2009-12-18 14:38:01 -05:00
mh
edcd0859b1 make key removal a bit easier 2009-12-18 19:06:43 +01:00
mh
0f281c8d4d enable that ssh auth-keys can be removed 2009-12-18 18:36:05 +01:00
mh
1d595dd34c false != 'false' 2009-12-11 09:45:35 +01:00
mh
dac25a5c68 require class instead of requiring packages 2009-12-10 23:49:32 +01:00
mh
5bdeab5848 re-add shorewall in rule :/ 2009-12-10 23:45:12 +01:00
mh
217a4e2566 undef or '' as default 2009-12-10 23:34:57 +01:00
mh
bdf7bd334e merged with riseup module, various cleaning up 2009-12-10 23:15:07 +01:00
mh
384b1466ea switch to new lsb way 2009-12-07 16:04:26 -05:00
mh
c8e0ef9ede better set the variables in the init 2009-12-07 16:04:22 -05:00
mh
5e20e07d1f factor everything into its own file 2009-12-07 16:03:55 -05:00
mh
62ba8525f1 do not quote default! 2009-12-07 16:03:49 -05:00
mh
e3cb846f32 try if setting a target fixes the problem 2009-12-07 16:03:46 -05:00
mh
d92fa75793 changed target behaviour 2009-12-07 16:03:42 -05:00
mh
6bf0a1bbc7 adjusted to new usage of booleans 2009-12-07 16:03:39 -05:00
mh
9e36776ee6 adjusted to new usage of booleans 2009-12-07 16:03:34 -05:00
Micah Anderson
6601c38296 Revert "fix missing curly brace" -- this was actually correct 
This reverts commit d4fba70a51.
 2009-10-01 18:30:02 -04:00
Micah Anderson
d4fba70a51 fix missing curly brace 2009-09-29 15:32:36 -04:00
Micah Anderson
2c3f632e90 fix previous change which took the client/server packages out of the linux class 
and instead allow for a version change through an if variable. thanks ng!
 2009-07-09 12:15:10 -04:00
Micah Anderson
d86ec97ab0 same problem with the openssh-clients in the sshd::client::linux class 2009-07-07 21:04:23 -04:00
Micah Anderson
55e0a6178b the sshd::linux class cannot also define the openssh package 
if we are to have the possibility of potentially overriding the version number it must be done in the base class
 2009-07-07 21:02:31 -04:00
Micah Anderson
dfebe2a9b5 make it possible to override what version of openssh-server and client are installed by providing the variable $sshd_ensure_version, which defaults to the previous value of present when not specified 2009-07-07 20:55:01 -04:00
Micah Anderson
f44776cbbf replace the sshd_additional_options variable with two, one called 
sshd_head_additional_options and one called sshd_tail_additional_options.
the first puts the value at the beginning of the file, and the second at
the end.

This is necessary due to some option ordering requiring things to be
before others
 2009-07-07 20:52:40 -04:00
Micah Anderson
5161c4332a Merge commit 'anarcat/master' 2008-12-07 12:17:12 -05:00
Micah Anderson
667d7e30df Merge commit 'ng/master' 
Conflicts:

	manifests/init.pp

Conflict due to indentation formatting differences
 2008-12-07 12:12:33 -05:00
Antoine Beaupre
461bc0c2f0 emit a warning instead of info when the ssh server doesn't have an sshrsa key 
also export the key based on ip address, removing all warnings
 2008-12-06 19:12:17 -05:00
Antoine Beaupre
992e6e0f07 use the proper fact to export ssh keys. See http://projects.reductivelabs.com/issues/show/1799#note-1 2008-12-06 18:39:53 -05:00
Antoine Beaupre
fa072188dc make saner defaults for authorized_keys 
note that this removes the user => root default
 2008-12-02 16:56:19 -05:00
mh
ec2501d07c unified naming 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2674 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-11-07 20:40:24 +00:00
mh
7103d6bfcc check ssh with nagios 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2672 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-11-07 20:19:31 +00:00
Micah Anderson
6fb10939af In debian, the daemon is run as 'sshd', but the initscript is 
/etc/init.d/ssh, which means that name needs to be set to 'ssh', and
pattern needs to be set to 'sshd', and then we set the hassstatus and
hasrestart depending on the lsbdistcodename
 2008-10-27 17:00:39 -04:00
Micah Anderson
49d840dab4 lsbdistcodename is the proper variable to check for if the system is debian or lenny 2008-10-27 16:20:26 -04:00
Micah Anderson
98ddbe8ef5 change the debian 'hasrestart' option to a selector based on which $debian_version is detected, 
etch does not have a ssh restart option in the initscript, but lenny does
 2008-10-26 12:39:45 -04:00
Micah Anderson
1b2dcaf510 update formatting to be consistent with upstream puppet emacs mode, if this is different from the vim 
mode, then there is a difference between these two editor's formatting that needs to be resolved
 2008-10-23 15:04:47 -04:00
Micah Anderson
50c52b8483 Merge branch 'master' of gitosis@labs.riseup.net:module_sshd 2008-10-23 15:01:53 -04:00
Micah Anderson
96760cc558 debian has both status and restart options, in fact restart is 
preferable because a stop/start operation can leave sshd broken
because the stop wont stop before the start is run. On the next puppet
run ssh will be brought back up, but its a hair-raising few minutes
while you wonder what happened
 2008-10-23 14:59:42 -04:00
Pietro Ferrari
ae5215705a Merge commit 'immerda/master' 2008-10-21 02:03:37 +02:00
mh
96bbe0adb8 new options, cleaned up real_ hack 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2527 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-10-20 22:46:50 +00:00
mh
68b72b545b remove deprecated define 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2317 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-10-02 22:04:31 +00:00
Micah Anderson
90f14f4ae4 Merge commit 'ng/master' 2008-09-30 21:04:46 -04:00
mh
fce684ca58 fix correct inheritance 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2272 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-30 20:13:47 +00:00
mh
456fec72ed remove dependency completly 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2267 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-29 22:50:28 +00:00
mh
f733562469 moved package depency to the linux class, openbsd doesn't have this package 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2266 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-29 22:48:35 +00:00
mh
1afa887a2e factored out the package to some subclasses as openbsd doesn't need such a package 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2265 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-29 22:45:39 +00:00
mh
9ce186f5c3 merged with riseup 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-29 22:37:26 +00:00
Micah Anderson
16dd74a7de include assert_lsbdistcodename for debian 2008-09-28 13:40:35 -04:00
Micah Anderson
aa3badea81 add some comments to clarify how to set variables, and provide examples 2008-09-28 12:38:18 -04:00
Micah Anderson
c751cf22ed clarify in the example about how you can set multiple ListenAddresses with the right syntax 
also set the default to be 0.0.0.0 and :: which is the normal default for all IPv4 and all IPv6 addresses
 2008-09-27 17:45:57 -04:00
Micah Anderson
d827a52614 rename the templates to coincide with the downcased lsbdistcodename 
also add a missing comma in the content selector
 2008-09-27 16:51:32 -04:00
Micah Anderson
57eb2df037 Change the template naming: 
1. remove the _normal suffix, as it is not used
2. add a selector to look for the variable $lsbdistcodename being set and use that in selecting a template
this is useful to create a Debian_Etch.erb and a Debian_Lenny.erb which can have different values. For example
the Debian Etch version of openssh does not have the AllowAgentForwarding option, and if it is included, ssh will
fail to start
 2008-09-27 16:42:08 -04:00
Micah Anderson
57a0fd279e fix the default of PubkeyAuthentication (supposed to be yes, but was set to no) 2008-09-27 15:19:43 -04:00
Micah Anderson
11be1b1f8c fix duplicate sshd word in variable name 2008-09-27 13:39:28 -04:00
Micah Anderson
2391ef9bfe add the ability to set the ListenAddress configuration option through sshd_listen_address 2008-09-27 13:30:52 -04:00
Micah Anderson
ef6f137cff add the variable sshd_authorized_keys_file with the default set to the normal: %h/.ssh/authorized_keys 2008-09-26 20:03:10 -04:00
Micah Anderson
26e4ac53a9 add sshd_port variable enabling you to set a different port for sshd, default is 22 2008-09-26 18:23:25 -04:00
Micah Anderson
e525f18d12 minor fix to indentation 2008-09-26 18:16:58 -04:00
Micah Anderson
0b18022727 add sshd_allow_tcp_forwarding variable, with the default changed to no (note this is opposite of 
what the existing template had enabled for Debian, but this is a better setting)
 2008-09-26 17:55:02 -04:00
Micah Anderson
58fef5f809 add variable sshd_permit_empty_passwords, with the default set to no 2008-09-26 17:51:12 -04:00
Micah Anderson
06163fbb92 added sshd_rhosts_rsa_authentication variable, default set to no 
added sshd_hostbased_authentication variable, default set to no
 2008-09-26 17:44:16 -04:00
Micah Anderson
9edd2705d4 add sshd_ignore_rhosts option, default set to yes 2008-09-26 17:30:28 -04:00
Micah Anderson
ba8d788f89 add the sshd_strict_modes variable, with the default set to yes 2008-09-26 17:28:05 -04:00
Micah Anderson
19b49e80ee add the sshd_rsa_authentication option, default set to no 2008-09-26 17:21:01 -04:00
Micah Anderson
6f5a865b58 add sshd_pubkey_authentication variable, with the default set to yes 2008-09-26 17:10:33 -04:00
Micah Anderson
51c18b6b8f added sshd_challenge_response_authentication variable, with the default value set to no 2008-09-26 17:05:49 -04:00
Micah Anderson
3bd90d741c Add the variable AllowAgentForwarding to be set, with the default of 'no', only the Debian 
template was adjusted for this, as my knowledge of the other operating systems is not good enough
to determine the appropriate setting there
 2008-09-26 16:57:59 -04:00
mh
e3ce449ff4 Merge commit 'puzzle/development' 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2230 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-09 23:19:00 +00:00
mh
cecae58767 added libssh2 stuff 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2212 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-05 14:38:44 +00:00
mh
f66c80d97a remove double definition 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2093 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-07-29 23:34:40 +00:00
mh
e41d117247 Merge commit 'puzzle/development' 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2092 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-07-29 23:30:05 +00:00
mh
34bcb5c3d6 fixed fact as centos doesn't seem to add the hostname to the hostkey, fixed package requirement 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1994 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-07-25 11:17:06 +00:00
mh
9fc6a0baf3 added exporting and collecting of ssh keys 
Taken from David Schmitts ssh module: http://git.black.co.at/?p=module-ssh


git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1877 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-07-17 18:17:52 +00:00
mh
8bc696b174 readded a source 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1628 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-06-17 07:57:46 +00:00
mh
ece3afde12 merged with puzzle 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1614 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-06-13 21:01:39 +00:00
mh
2e38f51bd6 added status info 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1198 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-04-11 13:17:27 +00:00
mh
71da05e453 added debian and ubuntu 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1197 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-04-11 13:14:47 +00:00
mh
1ba819a192 fixed missing bracket 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1164 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-04-04 18:43:57 +00:00
mh
bdf171ffee fixed typo 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1163 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-04-04 18:40:29 +00:00
mh
3a15ca8c3c removed crap 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1162 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-04-04 18:39:12 +00:00
mh
0603077ce6 moved /dist/-stuff to /files/, heavily refactored a lot, made it more look all the same way. some sources added here and there. hope it still works everything, the location on the disk of /files/ is still call dists. no need to hurry to change that 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@1160 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-04-04 15:30:26 +00:00
mh
eba8003eef fixed wrong path 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@923 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-02-29 14:25:05 +00:00