Commit graph

305 commits

Author SHA1 Message Date
Micah Anderson
fd82841c1f Change 'hardened_ssl' parameter to simply 'hardened', this makes more
sense in general
2015-05-04 15:42:26 -04:00
Jerome Charaoui
b5e16ec064 Merge branch 'remove_lenny' into 'master'
remove Debian Lenny support

See merge request !8
2015-05-04 17:34:16 +00:00
Micah Anderson
42d4597ca9 remove Debian Lenny support 2015-05-01 12:49:37 -04:00
Antoine Beaupré
e9596d0f6d Merge remote-tracking branch 'micah/remove_etch' into shared
Conflicts:
	templates/sshd_config/Debian_etch.erb
2015-04-17 14:47:03 -04:00
Antoine Beaupré
d4923b2c3a Merge branch 'hostkey_type' into 'master'
Hostkey type

This is the pull request associated with: https://labs.riseup.net/code/issues/8285

See merge request !6
2015-04-17 18:43:16 +00:00
Micah Anderson
e2cad38276 remove etch support 2015-04-17 13:58:03 -04:00
Micah Anderson
953ad0f777 Add GPLv3 license 2015-04-17 11:29:11 -04:00
Micah Anderson
5c9ce49321 change the ssh_keygen function to use different methods depending on if
it's puppet 3 or puppet 2
2015-03-27 15:27:12 -04:00
Micah Anderson
52fd60c9f6 Given that ssh -V prints the info we want on stderr, made it so we are 100% sure we are only parsing the expected string 2015-03-27 15:24:02 -04:00
Jerome Charaoui
dabbc89d37 Merge branch 'document_nagios_custom_logic' into 'master'
Document nagios custom logic

Add some note for ppl who need to inject their own logic before creating nagios-related checks.

See merge request !5
2015-03-02 15:37:03 +00:00
Gabriel Filion
52031ffb06 README: mention how one could reuse nagios resources with their own logic
Some people might want to inject their own logic before including nagios
resources. We can explain that since the nagios resources are in their
own part of the manifests, they can shortcut the module's automatic
handling of it, and call it manually from their own manifests.
2015-02-20 17:27:06 -05:00
Gabriel Filion
31ee7fec5a README: Change project URL to point at the new one 2015-02-20 17:24:12 -05:00
LeLutin
ded7f9540f Merge branch 'master' into 'master'
Add RedHat_xenenterprise template symlink

See merge request !4
2015-02-20 16:53:13 +00:00
Jerome Charaoui
62fe7c25f4 Add RedHat_xenenterprise template symlink 2015-01-22 11:20:49 -05:00
ng
2d6433e0ca Merge branch 'master' into 'master'
Fix for Debian squeeze and ssh_keygen for Puppet < 3 installs

Facter versions that are shipping in Debian squeeze and wheezy do not support the operatingsystemmajrelease core fact, which appears only from facter 1.7 onwards.

This isn't a big problem for wheezy since the openssh-server version it ships supports multiple AuthorizedKeysFile file paths.

On Debian squeeze, openssh-server does NOT support multiple AuthorizedKeysFile and will refuse to start with such a definition.

ALSO:

`ssh_keygen` is currently broken for Puppet 2.7.x clients. This commit should resolve the issue.

The fix was suggested by @ng in reference to https://github.com/duritong/puppet-sysctl/blob/master/lib/puppet/provider/sysctl_runtime/sysctl_runtime.rb#L16-L17

See merge request !3
2015-01-17 09:52:07 +00:00
Jerome Charaoui
1e4f46a35b Fix ssh_keygen for Puppet < 3 installs 2015-01-15 17:09:56 -05:00
Jerome Charaoui
45892056cd Debian squeeze and wheezy do not support the operatingsystemmajrelease fact (they ship facter 1.6.x) 2015-01-15 16:49:35 -05:00
Micah Anderson
d78749fd8f Add a $hostkey_type variable that allows you to set which hostkey
types you want to support in your sshd_config.

We use the ssh_version fact to determine the default hostkey types.
Only enable rsa and ed25519 for ssh versions greater or equal
to 6.5, otherwise enable rsa and dsa.

Some distributions, such as debian, also enable ecdsa as a hostkey
type, but this is a known bad NIST curve, so we do not enable that
by default (thus deviating from the stock sshd config)
2014-11-21 21:20:29 -05:00
Micah Anderson
03751baf8e add custom fact, providing ssh_version 2014-11-21 18:18:15 -05:00
Micah Anderson
ae9cf81188 Merge remote-tracking branch 'tails/feature/jessie-and-sid-templates' 2014-11-21 16:46:09 -05:00
Micah Anderson
4652fbcae0 Merge remote-tracking branch 'immerda/master' 2014-11-01 10:30:37 -04:00
Micah Anderson
37bd36fe06 Revert "get ecdsa host keys in Debian Wheezy"
This reverts commit 1eabfe1b59.

These shitty NIST curves are no good
2014-11-01 10:29:48 -04:00
intrigeri
254d2361f5 Copy the Debian sid template to a new one for Jessie.
Another option could be to symlink it, but the freeze is coming soon, so most
likely they'll start to diverge at some point.
2014-09-17 20:44:12 +00:00
intrigeri
75117dd042 Resynchronize Debian sid template with the configuration file currently shipped by the package. 2014-09-17 20:43:45 +00:00
mh
1f6f568930 move to os release number on centos for selection 2014-08-15 10:22:40 +02:00
mh
f19d1718b4 Openbsd also does not yet have it 2014-06-10 19:41:50 +02:00
mh
88c58b307c EL 6 also does not have this option yet 2014-06-10 19:28:19 +02:00
mh
4b7fc1a695 linting a document 2014-06-10 18:31:11 +02:00
mh
0f9315b4f3 not all versions support the new default 2014-06-10 18:29:47 +02:00
mh
cd783ad5eb Merge remote-tracking branch 'shared/master'
Conflicts:
	manifests/init.pp
2014-06-10 11:25:16 +02:00
Micah Anderson
5c23b33200 update $authorized_keys_file variable default to be the default is
documented by sshd_config(5)
2014-05-27 16:43:47 -04:00
Micah Anderson
6b1044a0c7 add the ability to override the automatic inclusion of the sshd_client 2014-05-27 16:42:59 -04:00
mh
fb60c0c0c9 linting 2014-03-14 10:36:24 +01:00
mh
afb8ec7103 remove unnecessary param 2014-03-14 10:35:02 +01:00
Tomas Barton
59f1623786 renamed ipaddress_fact to sshkey_ipaddres 2014-02-21 14:37:55 +01:00
Tomas Barton
e2a69e56a1 too tired to type 2014-02-14 01:48:40 +01:00
Tomas Barton
2f12205c6b fixed variable name 2014-02-14 01:44:54 +01:00
Tomas Barton
a6a05cd9fc custom ip address fact 2014-02-14 01:24:15 +01:00
mh
253e4f1ced add test for options 2014-02-05 23:21:36 +01:00
mh
15a1a73462 wording 2014-02-05 23:17:36 +01:00
Tomas Barton
a0e961674b tests for ssh authorized key 2014-02-02 17:48:24 +01:00
duritong
dfc6d99c93 Merge pull request #7 from deric/more-tests
More tests
2014-02-01 06:52:23 -08:00
Tomas Barton
bf425e96b1 validate parameters 2014-01-27 00:16:27 +01:00
Tomas Barton
bf16ec7bc7 removed lsb-release package 2014-01-27 00:14:34 +01:00
Tomas Barton
9dc5a1db18 removed special no-restart status for etch 2014-01-27 00:04:33 +01:00
Tomas Barton
3fdd59f654 using fixtures.yml for linking folders 2014-01-26 18:35:44 +01:00
Tomas Barton
c1588ff6c3 test changing port 2014-01-26 18:26:35 +01:00
Tomas Barton
5ce0dcda97 client spec 2014-01-26 18:26:34 +01:00
Tomas Barton
550e78a4e6 ruby 1.8.7 compatibility 2014-01-26 18:26:34 +01:00
Tomas Barton
e935d75f62 removed shared-common from dependencies 2014-01-26 18:26:34 +01:00