Commit-Graf

156 commits

Upphovsman SHA1 Meddelande Datum
Jerome Charaoui
45892056cd Debian squeeze and wheezy do not support the operatingsystemmajrelease fact (they ship facter 1.6.x) 2015-01-15 16:49:35 -05:00
mh
f19d1718b4 Openbsd also does not yet have it 2014-06-10 19:41:50 +02:00
mh
88c58b307c EL 6 also does not have this option yet 2014-06-10 19:28:19 +02:00
mh
4b7fc1a695 lintig a document 2014-06-10 18:31:11 +02:00
mh
0f9315b4f3 not all versions support the new default 2014-06-10 18:29:47 +02:00
mh
cd783ad5eb Merge remote-tracking branch 'shared/master'
Conflicts:
	manifests/init.pp
2014-06-10 11:25:16 +02:00
Micah Anderson
5c23b33200 update $authorized_keys_file variable default to be the default is
documented by sshd_config(5)
2014-05-27 16:43:47 -04:00
Micah Anderson
6b1044a0c7 add the ability to override the automatic inclusion of the sshd_client 2014-05-27 16:42:59 -04:00
Tomas Barton
59f1623786 renamed ipaddress_fact to sshkey_ipaddres 2014-02-21 14:37:55 +01:00
Tomas Barton
e2a69e56a1 too tired to type 2014-02-14 01:48:40 +01:00
Tomas Barton
a6a05cd9fc custom ip address fact 2014-02-14 01:24:15 +01:00
Tomas Barton
bf425e96b1 validate parameters 2014-01-27 00:16:27 +01:00
Yoann Laissus
3c30e95985 Nagios disabled by default 2013-05-29 23:21:46 +02:00
Michael Moll
7743650cde style fixes
silence puppet-lint
2013-02-03 00:30:54 +01:00
mh
d4db185c3f migrate away from hiera stuff 2012-06-13 21:52:44 -03:00
mh
2204eb01f6 new style for 2.7 2012-06-05 18:23:03 -03:00
Silvio Rhatto
0e9e1b6f2c Adding PrintMotd parameter to all templates and setting per-distro default value 2011-07-21 11:01:33 -03:00
Gabriel Filion
6615426a49 Clean out $ssh_use_strong_ciphers
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp

Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:49:11 -04:00
Silvio Rhatto
99928cd61e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-07-13 18:39:18 -03:00
Micah Anderson
779d27e0ae Merge remote-tracking branch 'lelutin/freebsd' 2011-06-21 11:46:42 -04:00
intrigeri
34863e959f New opt-in support to only use strong SSL ciphers and MACs.
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-06-21 00:27:55 +02:00
Silvio Rhatto
9ac4697eb5 Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS 2011-02-23 14:25:18 -03:00
Silvio Rhatto
474b23271d Merge branch 'master' of git://labs.riseup.net/shared-sshd
Conflicts:
	templates/sshd_config/Debian_squeeze.erb
2011-02-19 18:08:02 -02:00
Micah Anderson
86f31fcff9 Pull together a more comprehensive README, moving the configurable variables from init.pp into the README, and detailing the other features, and requirements, of the module 2011-02-19 14:12:04 -05:00
intrigeri
2f7903bcc4 Merge remote branch 'shared/master'
Conflicts:
	templates/sshd_config/Debian_squeeze.erb

I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
2011-02-14 17:17:31 +01:00
Silvio Rhatto
505692a72e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-02-13 15:13:10 -02:00
Gabriel Filion
7224e085a3 Fix inclusion for default os
When the os of a client is not one of those that use a specialized
class, (e.g. FreeBSD) the inclusion is currently broken: it tries to
include sshd::default which does not exist.

Change this to include sshd::base instead.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30 21:15:35 -05:00
Silvio Rhatto
30a4593a05 Introducing perfect forward secrecy for SSH 2010-12-16 20:20:53 -02:00
Micah Anderson
0ec0562257 remote KerberosGetAFSToken, its actually not a functional configuration option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238) 2010-12-15 20:38:07 -05:00
Micah Anderson
72e24df3b6 add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified 2010-12-14 13:22:43 -05:00
mh
8f918b0e73 use parametrized class to pass ssh_ports to open up things 2010-10-20 23:46:14 +02:00
mh
d0d3d20e14 add nagios_check_ssh_hostname to tweak the hostname which whould be monitored, as this one might actually differ 2010-10-20 21:17:16 +02:00
mh
988a88f4e6 move define to own class 2010-10-20 20:56:15 +02:00
intrigeri
ceb1280177 Bugfix 2010-10-18 19:13:59 +02:00
intrigeri
5fb8eb969b bugfix 2010-10-16 21:55:44 +02:00
intrigeri
ef093cafff bugfix 2010-10-16 21:54:24 +02:00
intrigeri
a643172a79 New option sshd_ports that obsoletes sshd_port.
Backward compatibility is preserved.
2010-10-16 16:05:00 +02:00
Silvio Rhatto
5b77bf8123 Merge branch 'master' of git://labs.riseup.net/module_sshd 2010-02-25 14:52:32 -03:00
Micah Anderson
6b660a56a7 update nagios check_command to check ssh port. it was using ssh_port, it should be 'check_ssh_port' 2010-02-21 14:01:35 -05:00
Silvio Rhatto
1a26489a12 Renaming $sshd_internal_ip to $sshd_shared_ip 2010-01-30 21:32:12 -02:00
Silvio Rhatto
1e932ca927 Merge branch 'master' of git://labs.riseup.net/module_sshd 2009-12-28 11:18:54 -02:00
Micah Anderson
739c9d8e0e Merge remote branch 'lavamind/master' 2009-12-27 16:27:20 -05:00
Silvio Rhatto
1fd1d896a0 Introducing sshd_internal_ip variable 2009-12-27 14:23:51 -02:00
Silvio Rhatto
bbc03d2c10 PrintMotd using default OpenSSH setting 2009-12-27 14:01:55 -02:00
Micah Anderson
ea1a34bd79 update comments to include information about how to use the nagios
checks and the pre-requirements
2009-12-21 15:00:10 -05:00
Micah Anderson
6b602886ef fix the comments section so that the include isn't misleading. if you
use 'include sshd::debian', then none of the variables are set, and you
will fail to parse the templates
2009-12-19 03:30:16 -05:00
Jerome Charaoui
3c21e594e6 remove fqdn from nagios service description (hostname is used in the internal nagios_service name) 2009-12-18 14:38:01 -05:00
mh
1d595dd34c false != 'false' 2009-12-11 09:45:35 +01:00
mh
5bdeab5848 re-add shorewall in rule :/ 2009-12-10 23:45:12 +01:00
mh
bdf7bd334e merged with riseup module, various cleaning up 2009-12-10 23:15:07 +01:00