| author | Antoine Beaupré <anarcat+gitlab@anarc.at> | 2015-04-17 18:43:16 +0000 | 
|---|---|---|
| committer | Antoine Beaupré <anarcat+gitlab@anarc.at> | 2015-04-17 18:43:16 +0000 | 
| commit | d4923b2c3ad74d813a9a2e5b39b6fa171ee95bc0 (patch) | |
| tree | d5827edd094604c5b73630fc0be7a5dd3bd7a833 | |
| parent | 953ad0f7773da4ba90df9e049eaa6e61cdcaaffe (diff) | |
| parent | 5c9ce49321f4ea5d502eca98d9e9a23bae57b1da (diff) | |
Merge branch 'hostkey_type' into 'master'
Hostkey type
This is the pull request associated with: https://labs.riseup.net/code/issues/8285
See merge request !6
| -rw-r--r-- | lib/facter/ssh_version.rb | 5 | ||||
| -rw-r--r-- | lib/puppet/parser/functions/ssh_keygen.rb | 1 | ||||
| -rw-r--r-- | manifests/init.pp | 4 | ||||
| -rw-r--r-- | templates/sshd_config/CentOS_7.erb | 6 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_etch.erb | 4 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_jessie.erb | 7 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_sid.erb | 7 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_squeeze.erb | 6 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_wheezy.erb | 5 | ||||
| -rw-r--r-- | templates/sshd_config/FreeBSD.erb | 5 | ||||
| -rw-r--r-- | templates/sshd_config/Ubuntu.erb | 6 | ||||
| -rw-r--r-- | templates/sshd_config/Ubuntu_lucid.erb | 6 | 
12 files changed, 41 insertions, 21 deletions
diff --git a/lib/facter/ssh_version.rb b/lib/facter/ssh_version.rb
new file mode 100644
index 0000000..51d8a00
--- /dev/null
+++ b/lib/facter/ssh_version.rb
@@ -0,0 +1,5 @@
+Facter.add("ssh_version") do
+  setcode do
+    ssh_version = Facter::Util::Resolution.exec('ssh -V 2>&1 1>/dev/null').chomp.split(' ')[0].split('_')[1]
+  end
+end
diff --git a/lib/puppet/parser/functions/ssh_keygen.rb b/lib/puppet/parser/functions/ssh_keygen.rb
index 87a3452..e304f24 100644
--- a/lib/puppet/parser/functions/ssh_keygen.rb
+++ b/lib/puppet/parser/functions/ssh_keygen.rb
@@ -27,3 +27,4 @@ Puppet::Parser::Functions::newfunction(:ssh_keygen, :type => :rvalue, :doc =>
     end
     [File.read(private_key_path),File.read(public_key_path)]
 end
+
diff --git a/manifests/init.pp b/manifests/init.pp
index 666b5ac..0f8c472 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -49,6 +49,10 @@ class sshd(
   $shorewall_source = 'net',
   $sshkey_ipaddress = $::ipaddress,
   $manage_client = true,
+  $hostkey_type = versioncmp($::ssh_version, '6.5') ? {
+    /(^1|0)/ => [ 'rsa', 'ed25519' ],
+    /-1/    => [ 'rsa', 'dsa' ]
+  }
 ) {

   validate_bool($manage_shorewall)
diff --git a/templates/sshd_config/CentOS_7.erb b/templates/sshd_config/CentOS_7.erb
index 1a2e339..7db2277 100644
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@@ -35,9 +35,9 @@ ListenAddress <%= address %>
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>

 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index ef4a5d1..104e641 100644
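Review bot: `Facter::Util::Resolution.exec` returns nil when no `ssh` binary is found, so the `.chomp` on the added setcode line raises NoMethodError; Facter will log that and leave the fact unset, which is what the new `$::ssh_version` selector in manifests/init.pp then sees on hosts without an ssh client. A nil-safe extraction that also restricts the parse to OpenSSH output is `Facter::Util::Resolution.exec('ssh -V 2>&1 1>/dev/null').to_s[/OpenSSH_(\S+)/, 1]`, which yields the same `6.7p1`-style value and nil for anything else. The `ssh_version =` local is never read — setcode returns the block's last expression — so it can be dropped. Since this reports the client's version and the manifest uses it to pick sshd's host key types, a one-line comment stating that assumption (client and server come from the same OpenSSH package) belongs above `Facter.add`.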
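Review bot: The selector that defaults `$hostkey_type` has no `default` branch, so when `$::ssh_version` is absent (fact failed, no ssh client, non-OpenSSH build) the outcome depends on the Puppet version: either the catalog fails to compile, or undef is coerced to an empty string that `versioncmp` ranks below 6.5 and the host quietly gets the `[ 'rsa', 'dsa' ]` pair — a 1024-bit DSA host key on a machine that may well support ed25519. A `default => [ 'rsa' ]` entry after the `/-1/` line keeps compilation working without falling back to DSA. The values are later interpolated verbatim into `HostKey /etc/ssh/ssh_host_<type>_key` paths by the templates, so `validate_array($hostkey_type)` next to the existing `validate_bool` call would catch a bare string or a typo before sshd sees the config. The class body continues outside the hunk.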
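Review bot: `scope.lookupvar('sshd::hostkey_type').to_a` on the added loop line relies on `String#to_a`, which Ruby 1.9 removed, so a caller who sets `hostkey_type => 'rsa'` as a bare string gets a NoMethodError at render time on any agent newer than Ruby 1.8 (an Array value is unaffected). `<% Array(scope.lookupvar('sshd::hostkey_type')).each do |hostkey_type| -%>` handles both a string and an array. The identical loop line is added to the Debian_etch, Debian_jessie, Debian_sid, Debian_squeeze, Debian_wheezy, FreeBSD, Ubuntu and Ubuntu_lucid templates in this commit and should be fixed in all of them. Nothing in the template creates the listed files, and sshd refuses to start when none of its HostKey entries can be loaded, so a comment above the loop that the matching `ssh_host_<type>_key` files must already exist would help the next maintainer.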
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -20,6 +20,10 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 #Privilege Separation is turned on for security
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb
index d717856..033f409 100644
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -22,10 +22,9 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index d717856..033f409 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -22,10 +22,9 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index befd25f..0ba323f 100644
--- a/templates/sshd_config/Debian_squeeze.erb
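Review bot: In the Debian_etch hunk the loop is inserted above the existing `HostKey /etc/ssh/ssh_host_rsa_key` and `HostKey /etc/ssh/ssh_host_dsa_key` context lines instead of replacing them as every other template in this commit does, so the rendered config lists the RSA key twice and always keeps the DSA key regardless of `sshd::hostkey_type`. Overriding the parameter to drop DSA therefore has no effect on etch hosts, which defeats the purpose of the new parameter there. Removing the two hard-coded lines, exactly as the Debian_squeeze hunk does, makes this template consistent with the rest of the change.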
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -22,8 +22,10 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index 70bb4bf..cd4bf48 100644
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -22,8 +22,9 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index 090149b..d4cd9b5 100644
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -40,8 +40,9 @@ Protocol 2
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>

 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb
index befd25f..0ba323f 100644
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -22,8 +22,10 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index cc6e921..cff95a7 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -20,8 +20,10 @@ ListenAddress <%= address %>
 <% end -%>
 Protocol 2
 # HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
|
