Commit graph

244 commits

Author SHA1 Message Date
mh
e2c0b37c7e no need to have these quotes 2013-12-04 22:57:47 +01:00
mh
6578e0c918 fix deprecation warning 'Puppet::Util.execute is deprecated; please use Puppet::Util::Execution.execute' 2013-12-04 22:54:44 +01:00
mh
19218d6b02 unify centos sshd config and update it to latest upstream 2013-11-29 11:17:31 +01:00
mh
a3aeb0d573 rather match the correct service than the parent pid
the last approach only matched if someone was logged in
with ssh. :/
2013-05-29 23:46:37 +02:00
Yoann Laissus
3c30e95985 Nagios disabled by default 2013-05-29 23:21:46 +02:00
mh
be062f00e2 on newer puppet version the openbsd service provider changed slightly making this necessary 2013-05-20 20:44:15 +02:00
mh
8ecac4219f Merge remote-tracking branch 'githubmirror/master' 2013-02-04 21:41:05 +01:00
duritong
ad6ecdffe7 Merge pull request #2 from mmoll/style
style fixes
2013-02-04 12:40:26 -08:00
Michael Moll
7743650cde style fixes
silence puppet-lint
2013-02-03 00:30:54 +01:00
varac
576bbf09d8 README upgrade notice 2013-01-09 00:01:15 +01:00
mh
ef73d094dc Merge commit '42fce2a4576dd97a270d4d875531b39920655edb' 2013-01-02 16:02:48 +01:00
mh
483ba331f3 Merge remote-tracking branch 'shared/master' 2013-01-02 15:53:41 +01:00
nadir
42fce2a457 added Ubuntu precise support 2012-11-07 18:17:27 +01:00
mh
ce47b742e2 fix variable name 2012-08-26 19:10:26 +02:00
mh
5b86606d59 correct variable naming 2012-06-18 17:43:48 -03:00
mh
d4db185c3f migrate away from hiera stuff 2012-06-13 21:52:44 -03:00
mh
8aab254eaa recmkdir is gone 2012-06-08 13:17:23 -03:00
mh
8d0127b219 new style for 2.7 2012-06-05 18:46:39 -03:00
mh
2204eb01f6 new style for 2.7 2012-06-05 18:23:03 -03:00
Silvio Rhatto
bd2e283ab5 Adding sshd_config for oneiric 2012-02-03 15:10:42 -02:00
mh
d5404bbdba remove legacy facts 2011-07-29 19:35:00 +02:00
mh
cb7cd9e314 Merge remote-tracking branch 'shared/master' 2011-07-29 19:31:41 +02:00
Silvio Rhatto
0e9e1b6f2c Adding PrintMotd parameter to all templates and setting per-distro default value 2011-07-21 11:01:33 -03:00
Gabriel Filion
89aeace9b6 Document the $sshd_shared_ip variable in the README
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-17 00:38:25 -04:00
Gabriel Filion
0822b5bfb5 Document the $sshd_print_motd variable in the README
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-17 00:28:54 -04:00
Gabriel Filion
69c8085470 Provide a default value for $sshd_shared_ip in sshd::client
Since it's possible to "include sshd::client" without using "include
sshd" (e.g. installing/managing ssh client but not the server) provide a
default value for $sshd_shared_ip also in the sshd::client class.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-17 00:21:44 -04:00
Gabriel Filion
6615426a49 Clean out $ssh_use_strong_ciphers
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp

Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:49:11 -04:00
Gabriel Filion
a5312442b6 Enable $ssh_hardened_ssl for FreeBSD
It is the only sshd_config template that didn't have this option, so
copy it from the other templates.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:45:24 -04:00
Silvio Rhatto
b221570654 Updating FreeBSD template for new sshd_ports variable 2011-07-14 13:15:27 -03:00
Silvio Rhatto
57d8883d48 Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job 2011-07-13 18:41:59 -03:00
Silvio Rhatto
99928cd61e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-07-13 18:39:18 -03:00
Micah Anderson
779d27e0ae Merge remote-tracking branch 'lelutin/freebsd' 2011-06-21 11:46:42 -04:00
intrigeri
bbfc7c04ba Merge branch 'feature/debian_wheezy' 2011-06-21 00:28:44 +02:00
intrigeri
005baf59c5 Add sshd_config template for Debian Wheezy.
Currently, this is a symlink to the Debian sid's one, which I've recently
resync'd. Once Wheezy is frozen, we'll want to fork its own template.
2011-06-21 00:28:37 +02:00
intrigeri
34863e959f New opt-in support to only use strong SSL ciphers and MACs.
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-06-21 00:27:55 +02:00
mh
7a44f28880 we should pass the architecture to devel packages 2011-04-03 12:52:46 +02:00
Silvio Rhatto
4d73d3784e Changing strong cipher to aes128-crt 2011-02-23 14:46:20 -03:00
Silvio Rhatto
75105d66d8 Adding sshd_use_strong_ciphers to all sshd_config templates 2011-02-23 14:40:02 -03:00
Silvio Rhatto
9ac4697eb5 Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS 2011-02-23 14:25:18 -03:00
Micah Anderson
af76f6cfe7 Merge remote-tracking branch 'lelutin/ubuntu' 2011-02-22 16:11:36 -05:00
Gabriel Filion
95bf6e032b FreeBSD: Use variables for the Kerberos options
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-02-21 15:18:14 -05:00
Micah Anderson
ac240412cc remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used 2011-02-21 12:45:49 -05:00
intrigeri
c99ff17b1f Resync Debian sid template with the Squeeze's one.
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid.
2011-02-21 18:29:25 +01:00
intrigeri
6baed9bd81 Merge remote branch 'lelutin/debian_template' 2011-02-21 18:20:46 +01:00
Silvio Rhatto
85880085ff Updating lucid template with new ssh port scheme 2011-02-19 18:48:59 -02:00
Silvio Rhatto
474b23271d Merge branch 'master' of git://labs.riseup.net/shared-sshd
Conflicts:
	templates/sshd_config/Debian_squeeze.erb
2011-02-19 18:08:02 -02:00
Micah Anderson
e0d3cdbd36 Update README to include the ssh_keygen function 2011-02-19 14:18:02 -05:00
Micah Anderson
86f31fcff9 Pull together a more comprehensive README, moving the configurable variables from init.pp into the README, and detailing the other features, and requirements, of the module 2011-02-19 14:12:04 -05:00
intrigeri
2f7903bcc4 Merge remote branch 'shared/master'
Conflicts:
	templates/sshd_config/Debian_squeeze.erb

I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
2011-02-14 17:17:31 +01:00
intrigeri
7c046e3fdf Merge remote branch 'immerda/master' 2011-02-14 17:01:04 +01:00