Micah Anderson
fd82841c1f
Change 'hardened_ssl' parameter to simply 'hardened', this makes more
sense in general
2015-05-04 15:42:26 -04:00
Antoine Beaupré
d4923b2c3a
Merge branch 'hostkey_type' into 'master'
Hostkey type
This is the pull request associated with: https://labs.riseup.net/code/issues/8285
See merge request !6
2015-04-17 18:43:16 +00:00
Jerome Charaoui
45892056cd
Debian squeeze and wheezy do not support the operatingsystemmajrelease fact (they ship facter 1.6.x)
2015-01-15 16:49:35 -05:00
Micah Anderson
d78749fd8f
Add a $hostkey_type variable that allows you to set which hostkey
types you want to support in your sshd_config.
We use the ssh_version fact to determine the default hostkey types.
Only enable rsa and ed25519 for ssh versions greater or equal
to 6.5, otherwise enable rsa and dsa.
Some distributions, such as debian, also enable ecdsa as a hostkey
type, but this is a known bad NIST curve, so we do not enable that
by default (thus deviating from the stock sshd config)
2014-11-21 21:20:29 -05:00
mh
f19d1718b4
Openbsd also does not yet have it
2014-06-10 19:41:50 +02:00
mh
88c58b307c
EL 6 also does not have this option yet
2014-06-10 19:28:19 +02:00
mh
4b7fc1a695
linting a document
2014-06-10 18:31:11 +02:00
mh
0f9315b4f3
not all versions support the new default
2014-06-10 18:29:47 +02:00
mh
cd783ad5eb
Merge remote-tracking branch 'shared/master'
Conflicts:
manifests/init.pp
2014-06-10 11:25:16 +02:00
Micah Anderson
5c23b33200
update $authorized_keys_file variable default to be the default is
documented by sshd_config(5)
2014-05-27 16:43:47 -04:00
Micah Anderson
6b1044a0c7
add the ability to override the automatic inclusion of the sshd_client
2014-05-27 16:42:59 -04:00
Tomas Barton
59f1623786
renamed ipaddress_fact to sshkey_ipaddres
2014-02-21 14:37:55 +01:00
Tomas Barton
e2a69e56a1
too tired to type
2014-02-14 01:48:40 +01:00
Tomas Barton
a6a05cd9fc
custom ip address fact
2014-02-14 01:24:15 +01:00
Tomas Barton
bf425e96b1
validate parameters
2014-01-27 00:16:27 +01:00
Yoann Laissus
3c30e95985
Nagios disabled by default
2013-05-29 23:21:46 +02:00
Michael Moll
7743650cde
style fixes
silence puppet-lint
2013-02-03 00:30:54 +01:00
mh
d4db185c3f
migrate away from hiera stuff
2012-06-13 21:52:44 -03:00
mh
2204eb01f6
new style for 2.7
2012-06-05 18:23:03 -03:00
Silvio Rhatto
0e9e1b6f2c
Adding PrintMotd parameter to all templates and setting per-distro default value
2011-07-21 11:01:33 -03:00
Gabriel Filion
6615426a49
Clean out $ssh_use_strong_ciphers
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp
Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:49:11 -04:00
Silvio Rhatto
99928cd61e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-07-13 18:39:18 -03:00
Micah Anderson
779d27e0ae
Merge remote-tracking branch 'lelutin/freebsd'
2011-06-21 11:46:42 -04:00
intrigeri
34863e959f
New opt-in support to only use strong SSL ciphers and MACs.
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git .
2011-06-21 00:27:55 +02:00
Silvio Rhatto
9ac4697eb5
Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS
2011-02-23 14:25:18 -03:00
Silvio Rhatto
474b23271d
Merge branch 'master' of git://labs.riseup.net/shared-sshd
Conflicts:
templates/sshd_config/Debian_squeeze.erb
2011-02-19 18:08:02 -02:00
Micah Anderson
86f31fcff9
Pull together a more comprehensive README, moving the configurable variables from init.pp into the README, and detailing the other features, and requirements, of the module
2011-02-19 14:12:04 -05:00
intrigeri
2f7903bcc4
Merge remote branch 'shared/master'
Conflicts:
templates/sshd_config/Debian_squeeze.erb
I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
2011-02-14 17:17:31 +01:00
Silvio Rhatto
505692a72e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-02-13 15:13:10 -02:00
Gabriel Filion
7224e085a3
Fix inclusion for default os
When the os of a client is not one of those that use a specialized
class, (e.g. FreeBSD) the inclusion is currently broken: it tries to
include sshd::default which does not exist.
Change this to include sshd::base instead.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30 21:15:35 -05:00
Silvio Rhatto
30a4593a05
Introducing perfect forward secrecy for SSH
2010-12-16 20:20:53 -02:00
Micah Anderson
0ec0562257
remote KerberosGetAFSToken, it's actually not a functional configuration option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238)
2010-12-15 20:38:07 -05:00
Micah Anderson
72e24df3b6
add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified
2010-12-14 13:22:43 -05:00
mh
8f918b0e73
use parametrized class to pass ssh_ports to open up things
2010-10-20 23:46:14 +02:00
mh
d0d3d20e14
add nagios_check_ssh_hostname to tweak the hostname which would be monitored, as this one might actually differ
2010-10-20 21:17:16 +02:00
mh
988a88f4e6
move define to own class
2010-10-20 20:56:15 +02:00
intrigeri
ceb1280177
Bugfix
2010-10-18 19:13:59 +02:00
intrigeri
5fb8eb969b
bugfix
2010-10-16 21:55:44 +02:00
intrigeri
ef093cafff
bugfix
2010-10-16 21:54:24 +02:00
intrigeri
a643172a79
New option sshd_ports that obsoletes sshd_port.
Backward compatibility is preserved.
2010-10-16 16:05:00 +02:00
Silvio Rhatto
5b77bf8123
Merge branch 'master' of git://labs.riseup.net/module_sshd
2010-02-25 14:52:32 -03:00
Micah Anderson
6b660a56a7
update nagios check_command to check ssh port. it was using ssh_port, it should be 'check_ssh_port'
2010-02-21 14:01:35 -05:00
Silvio Rhatto
1a26489a12
Renaming $sshd_internal_ip to $sshd_shared_ip
2010-01-30 21:32:12 -02:00
Silvio Rhatto
1e932ca927
Merge branch 'master' of git://labs.riseup.net/module_sshd
2009-12-28 11:18:54 -02:00
Micah Anderson
739c9d8e0e
Merge remote branch 'lavamind/master'
2009-12-27 16:27:20 -05:00
Silvio Rhatto
1fd1d896a0
Introducing sshd_internal_ip variable
2009-12-27 14:23:51 -02:00
Silvio Rhatto
bbc03d2c10
PrintMotd using default OpenSSH setting
2009-12-27 14:01:55 -02:00
Micah Anderson
ea1a34bd79
update comments to include information about how to use the nagios
checks and the pre-requirements
2009-12-21 15:00:10 -05:00
Micah Anderson
6b602886ef
fix the comments section so that the include isn't misleading. if you
use 'include sshd::debian', then none of the variables are set, and you
will fail to parse the templates
2009-12-19 03:30:16 -05:00
Jerome Charaoui
3c21e594e6
remove fqdn from nagios service description (hostname is used in the internal nagios_service name)
2009-12-18 14:38:01 -05:00