Jerome Charaoui
45892056cd
Debian squeeze and wheezy do not support the operatingsystemmajrelease fact (they ship facter 1.6.x)
2015-01-15 16:49:35 -05:00
mh
f19d1718b4
Openbsd also does not yet have it
2014-06-10 19:41:50 +02:00
mh
88c58b307c
EL 6 also does not have this option yet
2014-06-10 19:28:19 +02:00
mh
4b7fc1a695
lintig a document
2014-06-10 18:31:11 +02:00
mh
0f9315b4f3
not all versions support the new default
2014-06-10 18:29:47 +02:00
mh
cd783ad5eb
Merge remote-tracking branch 'shared/master'
...
Conflicts:
manifests/init.pp
2014-06-10 11:25:16 +02:00
Micah Anderson
5c23b33200
update $authorized_keys_file variable default to be the default is
...
documented by sshd_config(5)
2014-05-27 16:43:47 -04:00
Micah Anderson
6b1044a0c7
add the ability to override the automatic inclusion of the sshd_client
2014-05-27 16:42:59 -04:00
Tomas Barton
59f1623786
renamed ipaddress_fact to sshkey_ipaddres
2014-02-21 14:37:55 +01:00
Tomas Barton
e2a69e56a1
too tired to type
2014-02-14 01:48:40 +01:00
Tomas Barton
a6a05cd9fc
custom ip address fact
2014-02-14 01:24:15 +01:00
Tomas Barton
bf425e96b1
validate parameters
2014-01-27 00:16:27 +01:00
Yoann Laissus
3c30e95985
Nagios disabled by default
2013-05-29 23:21:46 +02:00
Michael Moll
7743650cde
style fixes
...
silence puppet-lint
2013-02-03 00:30:54 +01:00
mh
d4db185c3f
migrate away from hiera stuff
2012-06-13 21:52:44 -03:00
mh
2204eb01f6
new style for 2.7
2012-06-05 18:23:03 -03:00
Silvio Rhatto
0e9e1b6f2c
Adding PrintMotd parameter to all templates and setting per-distro default value
2011-07-21 11:01:33 -03:00
Gabriel Filion
6615426a49
Clean out $ssh_use_strong_ciphers
...
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp
Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:49:11 -04:00
Silvio Rhatto
99928cd61e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-07-13 18:39:18 -03:00
Micah Anderson
779d27e0ae
Merge remote-tracking branch 'lelutin/freebsd'
2011-06-21 11:46:42 -04:00
intrigeri
34863e959f
New opt-in support to only use strong SSL ciphers and MACs.
...
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git .
2011-06-21 00:27:55 +02:00
Silvio Rhatto
9ac4697eb5
Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS
2011-02-23 14:25:18 -03:00
Silvio Rhatto
474b23271d
Merge branch 'master' of git://labs.riseup.net/shared-sshd
...
Conflicts:
templates/sshd_config/Debian_squeeze.erb
2011-02-19 18:08:02 -02:00
Micah Anderson
86f31fcff9
Pull together a more comprehensive README, moving the configurable variables from init.pp into the README, and detailing the other features, and requirements, of the module
2011-02-19 14:12:04 -05:00
intrigeri
2f7903bcc4
Merge remote branch 'shared/master'
...
Conflicts:
templates/sshd_config/Debian_squeeze.erb
I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
2011-02-14 17:17:31 +01:00
Silvio Rhatto
505692a72e
Merge branch 'master' of git://labs.riseup.net/shared-sshd
2011-02-13 15:13:10 -02:00
Gabriel Filion
7224e085a3
Fix inclusion for default os
...
When the os of a client is not one of those that use a specialized
class, (e.g. FreeBSD) the inclusion is currently broken: it tries to
include sshd::default which does not exist.
Change this to include sshd::base instead.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30 21:15:35 -05:00
Silvio Rhatto
30a4593a05
Introducing perfect forward secrecy for SSH
2010-12-16 20:20:53 -02:00
Micah Anderson
0ec0562257
remote KerberosGetAFSToken, its actually not a functional configuration option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian ( #607238 )
2010-12-15 20:38:07 -05:00
Micah Anderson
72e24df3b6
add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified
2010-12-14 13:22:43 -05:00
mh
8f918b0e73
use parametrized class to pass ssh_ports to open up things
2010-10-20 23:46:14 +02:00
mh
d0d3d20e14
add nagios_check_ssh_hostname to tweak the hostname which whould be monitored, as this one might actually differ
2010-10-20 21:17:16 +02:00
mh
988a88f4e6
move define to own class
2010-10-20 20:56:15 +02:00
intrigeri
ceb1280177
Bugfix
2010-10-18 19:13:59 +02:00
intrigeri
5fb8eb969b
bugfix
2010-10-16 21:55:44 +02:00
intrigeri
ef093cafff
bugfix
2010-10-16 21:54:24 +02:00
intrigeri
a643172a79
New option sshd_ports that obsoletes sshd_port.
...
Backward compatibility is preserved.
2010-10-16 16:05:00 +02:00
Silvio Rhatto
5b77bf8123
Merge branch 'master' of git://labs.riseup.net/module_sshd
2010-02-25 14:52:32 -03:00
Micah Anderson
6b660a56a7
update nagios check_command to check ssh port. it was using ssh_port, it should be 'check_ssh_port'
2010-02-21 14:01:35 -05:00
Silvio Rhatto
1a26489a12
Renaming $sshd_internal_ip to $sshd_shared_ip
2010-01-30 21:32:12 -02:00
Silvio Rhatto
1e932ca927
Merge branch 'master' of git://labs.riseup.net/module_sshd
2009-12-28 11:18:54 -02:00
Micah Anderson
739c9d8e0e
Merge remote branch 'lavamind/master'
2009-12-27 16:27:20 -05:00
Silvio Rhatto
1fd1d896a0
Introducing sshd_internal_ip variable
2009-12-27 14:23:51 -02:00
Silvio Rhatto
bbc03d2c10
PrintMotd using default OpenSSH setting
2009-12-27 14:01:55 -02:00
Micah Anderson
ea1a34bd79
update comments to include information about how to use the nagios
...
checks and the pre-requirements
2009-12-21 15:00:10 -05:00
Micah Anderson
6b602886ef
fix the comments section so that the include isn't misleading. if you
...
use 'include sshd::debian', then none of the variables are set, and you
will fail to parse the templates
2009-12-19 03:30:16 -05:00
Jerome Charaoui
3c21e594e6
remove fqdn from nagios service description (hostname is used in the internal nagios_service name)
2009-12-18 14:38:01 -05:00
mh
1d595dd34c
false != 'false'
2009-12-11 09:45:35 +01:00
mh
5bdeab5848
re-add shorewall in rule :/
2009-12-10 23:45:12 +01:00
mh
bdf7bd334e
merged with riseup module, various cleaning up
2009-12-10 23:15:07 +01:00