diff options
author | Jerome Charaoui <jcharaoui@cmaisonneuve.qc.ca> | 2015-10-09 17:23:30 +0000 |
---|---|---|
committer | Jerome Charaoui <jcharaoui@cmaisonneuve.qc.ca> | 2015-10-09 17:23:30 +0000 |
commit | 571373e0817a6441fb53303736a4666f2a672f26 (patch) | |
tree | ffeb29d743bf2705bee2bc40f7829e29ca74b085 | |
parent | e36a294dceb9504327af84c72f6fb6d4489aeea0 (diff) | |
parent | b682edaae3c4f44003fa188ff564c6ba4cd43927 (diff) | |
download | puppet-sshd-571373e0817a6441fb53303736a4666f2a672f26.tar.gz puppet-sshd-571373e0817a6441fb53303736a4666f2a672f26.tar.bz2 |
Merge branch 'disable_debian_banner' into 'master'
disable the debian/ubuntu package version from being sent to clients
dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros.
See merge request !17
-rw-r--r-- | templates/sshd_config/Debian_jessie.erb | 2 | ||||
-rw-r--r-- | templates/sshd_config/Debian_sid.erb | 2 | ||||
-rw-r--r-- | templates/sshd_config/Debian_squeeze.erb | 2 | ||||
-rw-r--r-- | templates/sshd_config/Debian_wheezy.erb | 2 | ||||
-rw-r--r-- | templates/sshd_config/Ubuntu.erb | 2 | ||||
-rw-r--r-- | templates/sshd_config/Ubuntu_lucid.erb | 2 |
6 files changed, 12 insertions, 0 deletions
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb index 0f39252..91dbfff 100644 --- a/templates/sshd_config/Debian_jessie.erb +++ b/templates/sshd_config/Debian_jessie.erb @@ -83,6 +83,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb index 0f39252..91dbfff 100644 --- a/templates/sshd_config/Debian_sid.erb +++ b/templates/sshd_config/Debian_sid.erb @@ -83,6 +83,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb index 1483480..649b320 100644 --- a/templates/sshd_config/Debian_squeeze.erb +++ b/templates/sshd_config/Debian_squeeze.erb @@ -87,6 +87,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb index bf52df7..bcb1528 100644 --- a/templates/sshd_config/Debian_wheezy.erb +++ b/templates/sshd_config/Debian_wheezy.erb @@ -86,6 +86,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb index c71e00b..a326ab8 100644 --- a/templates/sshd_config/Ubuntu.erb +++ b/templates/sshd_config/Ubuntu.erb @@ -87,6 +87,8 @@ TCPKeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no # Allow client to pass locale environment variables AcceptEnv LANG LC_* diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb index 7544f00..be7c56d 100644 --- a/templates/sshd_config/Ubuntu_lucid.erb +++ b/templates/sshd_config/Ubuntu_lucid.erb @@ -88,6 +88,8 @@ KeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no #ReverseMappingCheck yes Subsystem sftp <%= (s=scope.lookupvar('::sshd::sftp_subsystem')).empty? ? '/usr/lib/openssh/sftp-server' : s %> |