opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
234 commits 2 branches 0 tags 297 KiB
Commit graph

142 commits

Author SHA1 Message Date
mh
d4db185c3f migrate away from hiera stuff 2012-06-13 21:52:44 -03:00
mh
2204eb01f6 new style for 2.7 2012-06-05 18:23:03 -03:00
Silvio Rhatto
0e9e1b6f2c Adding PrintMotd parameter to all templates and setting per-distro default value 2011-07-21 11:01:33 -03:00
Gabriel Filion
6615426a49 Clean out $ssh_use_strong_ciphers 
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp

Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
 2011-07-16 23:49:11 -04:00
Silvio Rhatto
99928cd61e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-07-13 18:39:18 -03:00
Micah Anderson
779d27e0ae Merge remote-tracking branch 'lelutin/freebsd' 2011-06-21 11:46:42 -04:00
intrigeri
34863e959f New opt-in support to only use strong SSL ciphers and MACs. 
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
 2011-06-21 00:27:55 +02:00
Silvio Rhatto
9ac4697eb5 Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS 2011-02-23 14:25:18 -03:00
Silvio Rhatto
474b23271d Merge branch 'master' of git://labs.riseup.net/shared-sshd 
Conflicts:
	templates/sshd_config/Debian_squeeze.erb
 2011-02-19 18:08:02 -02:00
Micah Anderson
86f31fcff9 Pull together a more comprehensive README, moving the configurable variables from init.pp into the README, and detailing the other features, and requirements, of the module 2011-02-19 14:12:04 -05:00
intrigeri
2f7903bcc4 Merge remote branch 'shared/master' 
Conflicts:
	templates/sshd_config/Debian_squeeze.erb

I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
 2011-02-14 17:17:31 +01:00
Silvio Rhatto
505692a72e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-02-13 15:13:10 -02:00
Gabriel Filion
7224e085a3 Fix inclusion for default os 
When the os of a client is not one of those that use a specialized
class, (e.g. FreeBSD) the inclusion is currently broken: it tries to
include sshd::default which does not exist.

Change this to include sshd::base instead.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
 2011-01-30 21:15:35 -05:00
Silvio Rhatto
30a4593a05 Introducing perfect forward secrecy for SSH 2010-12-16 20:20:53 -02:00
Micah Anderson
0ec0562257 remote KerberosGetAFSToken, its actually not a functional configuration option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238) 2010-12-15 20:38:07 -05:00
Micah Anderson
72e24df3b6 add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified 2010-12-14 13:22:43 -05:00
mh
8f918b0e73 use parametrized class to pass ssh_ports to open up things 2010-10-20 23:46:14 +02:00
mh
d0d3d20e14 add nagios_check_ssh_hostname to tweak the hostname which whould be monitored, as this one might actually differ 2010-10-20 21:17:16 +02:00
mh
988a88f4e6 move define to own class 2010-10-20 20:56:15 +02:00
intrigeri
ceb1280177 Bugfix 2010-10-18 19:13:59 +02:00
intrigeri
5fb8eb969b bugfix 2010-10-16 21:55:44 +02:00
intrigeri
ef093cafff bugfix 2010-10-16 21:54:24 +02:00
intrigeri
a643172a79 New option sshd_ports that obsoletes sshd_port. 
Backward compatibility is preserved.
 2010-10-16 16:05:00 +02:00
Silvio Rhatto
5b77bf8123 Merge branch 'master' of git://labs.riseup.net/module_sshd 2010-02-25 14:52:32 -03:00
Micah Anderson
6b660a56a7 update nagios check_command to check ssh port. it was using ssh_port, it should be 'check_ssh_port' 2010-02-21 14:01:35 -05:00
Silvio Rhatto
1a26489a12 Renaming $sshd_internal_ip to $sshd_shared_ip 2010-01-30 21:32:12 -02:00
Silvio Rhatto
1e932ca927 Merge branch 'master' of git://labs.riseup.net/module_sshd 2009-12-28 11:18:54 -02:00
Micah Anderson
739c9d8e0e Merge remote branch 'lavamind/master' 2009-12-27 16:27:20 -05:00
Silvio Rhatto
1fd1d896a0 Introducing sshd_internal_ip variable 2009-12-27 14:23:51 -02:00
Silvio Rhatto
bbc03d2c10 PrintMotd using default OpenSSH setting 2009-12-27 14:01:55 -02:00
Micah Anderson
ea1a34bd79 update comments to include information about how to use the nagios 
checks and the pre-requirements
 2009-12-21 15:00:10 -05:00
Micah Anderson
6b602886ef fix the comments section so that the include isn't misleading. if you 
use 'include sshd::debian', then none of the variables are set, and you
will fail to parse the templates
 2009-12-19 03:30:16 -05:00
Jerome Charaoui
3c21e594e6 remove fqdn from nagios service description (hostname is used in the internal nagios_service name) 2009-12-18 14:38:01 -05:00
mh
1d595dd34c false != 'false' 2009-12-11 09:45:35 +01:00
mh
5bdeab5848 re-add shorewall in rule :/ 2009-12-10 23:45:12 +01:00
mh
bdf7bd334e merged with riseup module, various cleaning up 2009-12-10 23:15:07 +01:00
mh
c8e0ef9ede better set the variables in the init 2009-12-07 16:04:22 -05:00
mh
5e20e07d1f factor everything into its own file 2009-12-07 16:03:55 -05:00
mh
62ba8525f1 do not quote default! 2009-12-07 16:03:49 -05:00
mh
e3cb846f32 try if setting a target fixes the problem 2009-12-07 16:03:46 -05:00
mh
d92fa75793 changed target behaviour 2009-12-07 16:03:42 -05:00
mh
6bf0a1bbc7 adjusted to new usage of booleans 2009-12-07 16:03:39 -05:00
mh
9e36776ee6 adjusted to new usage of booleans 2009-12-07 16:03:34 -05:00
Micah Anderson
6601c38296 Revert "fix missing curly brace" -- this was actually correct 
This reverts commit d4fba70a51.
 2009-10-01 18:30:02 -04:00
Micah Anderson
d4fba70a51 fix missing curly brace 2009-09-29 15:32:36 -04:00
Micah Anderson
2c3f632e90 fix previous change which took the client/server packages out of the linux class 
and instead allow for a version change through an if variable. thanks ng!
 2009-07-09 12:15:10 -04:00
Micah Anderson
55e0a6178b the sshd::linux class cannot also define the openssh package 
if we are to have the possibility of potentially overriding the version number it must be done in the base class
 2009-07-07 21:02:31 -04:00
Micah Anderson
dfebe2a9b5 make it possible to override what version of openssh-server and client are installed by providing the variable $sshd_ensure_version, which defaults to the previous value of present when not specified 2009-07-07 20:55:01 -04:00
Micah Anderson
f44776cbbf replace the sshd_additional_options variable with two, one called 
sshd_head_additional_options and one called sshd_tail_additional_options.
the first puts the value at the beginning of the file, and the second at
the end.

This is necessary due to some option ordering requiring things to be
before others
 2009-07-07 20:52:40 -04:00
Micah Anderson
5161c4332a Merge commit 'anarcat/master' 2008-12-07 12:17:12 -05:00