aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2015-05-01 12:45:14 -0400
committerMicah Anderson <micah@riseup.net>2015-05-04 15:42:26 -0400
commitfd82841c1f03d22acf4ed448cd22743a785f573e (patch)
tree8489a024a0f9e8cbcd0a4af5a1b0a577a59bdc7d
parentb5e16ec06499e45b4efd9f7353bb31f3a972417e (diff)
downloadpuppet-sshd-fd82841c1f03d22acf4ed448cd22743a785f573e.tar.gz
puppet-sshd-fd82841c1f03d22acf4ed448cd22743a785f573e.tar.bz2
Change 'hardened_ssl' paramter to simply 'hardened', this makes more
sense in general
-rw-r--r--README.md8
-rw-r--r--manifests/init.pp2
-rw-r--r--templates/sshd_config/CentOS_6.erb2
-rw-r--r--templates/sshd_config/CentOS_7.erb2
-rw-r--r--templates/sshd_config/Debian_jessie.erb2
-rw-r--r--templates/sshd_config/Debian_sid.erb2
-rw-r--r--templates/sshd_config/Debian_squeeze.erb2
-rw-r--r--templates/sshd_config/Debian_wheezy.erb2
-rw-r--r--templates/sshd_config/FreeBSD.erb2
-rw-r--r--templates/sshd_config/Gentoo.erb2
-rw-r--r--templates/sshd_config/OpenBSD.erb2
-rw-r--r--templates/sshd_config/Ubuntu.erb2
-rw-r--r--templates/sshd_config/Ubuntu_lucid.erb2
13 files changed, 18 insertions, 14 deletions
diff --git a/README.md b/README.md
index cbe0bba..77e4d29 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,10 @@
This puppet module manages OpenSSH configuration and services.
+**!! Upgrade Notice (05/2015) !!**
+
+The hardened_ssl parameter name was changed to simply 'hardened'.
+
**!! Upgrade Notice (01/2013) !!**
This module now uses parameterized classes, where it used global variables
@@ -179,8 +183,8 @@ The following is a list of the currently available variables:
Set this to the location of the AuthorizedKeysFile
(e.g. `/etc/ssh/authorized_keys/%u`). Default: `AuthorizedKeysFile
%h/.ssh/authorized_keys`
- - `hardened_ssl`
- Use only strong SSL ciphers and MAC.
+ - `hardened`
+ Use only strong ciphers, MAC, KexAlgorithms, etc.
Values:
- `no` (default)
- `yes`
diff --git a/manifests/init.pp b/manifests/init.pp
index 0f8c472..2dfc71c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -40,7 +40,7 @@ class sshd(
OpenBSD => '%h/.ssh/authorized_keys',
default => '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2',
},
- $hardened_ssl = 'no',
+ $hardened = 'no',
$sftp_subsystem = '',
$head_additional_options = '',
$tail_additional_options = '',
diff --git a/templates/sshd_config/CentOS_6.erb b/templates/sshd_config/CentOS_6.erb
index 47cb077..97e9a5b 100644
--- a/templates/sshd_config/CentOS_6.erb
+++ b/templates/sshd_config/CentOS_6.erb
@@ -150,7 +150,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/CentOS_7.erb b/templates/sshd_config/CentOS_7.erb
index 7db2277..cad9f59 100644
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@@ -164,7 +164,7 @@ AllowGroups <%= s %>
#Host *.local
# CheckHostIP no
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb
index 033f409..ada3891 100644
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -111,7 +111,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index 033f409..ada3891 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -111,7 +111,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 0ba323f..d42fac1 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -115,7 +115,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index cd4bf48..4633c09 100644
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -114,7 +114,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index d4cd9b5..f5bd439 100644
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -152,7 +152,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 1cb4522..6e51b4c 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -147,7 +147,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index aa92eb6..7577bac 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -128,7 +128,7 @@ AllowGroups <%= s %>
# AllowTcpForwarding no
# ForceCommand cvs server
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb
index 0ba323f..d42fac1 100644
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -115,7 +115,7 @@ AllowUsers <%= s %>
AllowGroups <%= s %>
<%- end -%>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index cff95a7..1ed8fd7 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -118,7 +118,7 @@ AllowGroups <%= s %>
PrintMotd <%= scope.lookupvar('sshd::print_motd') %>
-<% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%>
+<% if scope.lookupvar('sshd::hardened') == 'yes' -%>
Ciphers aes256-ctr
MACs hmac-sha1
<% end -%>