aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJerome Charaoui <jcharaoui@cmaisonneuve.qc.ca>2015-10-09 17:23:30 +0000
committerJerome Charaoui <jcharaoui@cmaisonneuve.qc.ca>2015-10-09 17:23:30 +0000
commit571373e0817a6441fb53303736a4666f2a672f26 (patch)
treeffeb29d743bf2705bee2bc40f7829e29ca74b085
parente36a294dceb9504327af84c72f6fb6d4489aeea0 (diff)
parentb682edaae3c4f44003fa188ff564c6ba4cd43927 (diff)
downloadpuppet-sshd-571373e0817a6441fb53303736a4666f2a672f26.tar.gz
puppet-sshd-571373e0817a6441fb53303736a4666f2a672f26.tar.bz2
Merge branch 'disable_debian_banner' into 'master'
disable the debian/ubuntu package version from being sent to clients dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros. See merge request !17
-rw-r--r--templates/sshd_config/Debian_jessie.erb2
-rw-r--r--templates/sshd_config/Debian_sid.erb2
-rw-r--r--templates/sshd_config/Debian_squeeze.erb2
-rw-r--r--templates/sshd_config/Debian_wheezy.erb2
-rw-r--r--templates/sshd_config/Ubuntu.erb2
-rw-r--r--templates/sshd_config/Ubuntu_lucid.erb2
6 files changed, 12 insertions, 0 deletions
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb
index 0f39252..91dbfff 100644
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -83,6 +83,8 @@ TCPKeepAlive yes
#MaxStartups 10:30:60
#Banner /etc/issue.net
+# do not reveal debian version (default is yes)
+DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index 0f39252..91dbfff 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -83,6 +83,8 @@ TCPKeepAlive yes
#MaxStartups 10:30:60
#Banner /etc/issue.net
+# do not reveal debian version (default is yes)
+DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 1483480..649b320 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -87,6 +87,8 @@ TCPKeepAlive yes
#MaxStartups 10:30:60
#Banner /etc/issue.net
+# do not reveal debian version (default is yes)
+DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index bf52df7..bcb1528 100644
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -86,6 +86,8 @@ TCPKeepAlive yes
#MaxStartups 10:30:60
#Banner /etc/issue.net
+# do not reveal debian version (default is yes)
+DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb
index c71e00b..a326ab8 100644
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -87,6 +87,8 @@ TCPKeepAlive yes
#MaxStartups 10:30:60
#Banner /etc/issue.net
+# do not reveal debian version (default is yes)
+DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index 7544f00..be7c56d 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -88,6 +88,8 @@ KeepAlive yes
#MaxStartups 10:30:60
#Banner /etc/issue.net
+# do not reveal debian version (default is yes)
+DebianBanner no
#ReverseMappingCheck yes
Subsystem sftp <%= (s=scope.lookupvar('::sshd::sftp_subsystem')).empty? ? '/usr/lib/openssh/sftp-server' : s %>