diff options
author | Jerome Charaoui <jcharaoui@cmaisonneuve.qc.ca> | 2015-10-09 17:23:30 +0000 |
---|---|---|
committer | Jerome Charaoui <jcharaoui@cmaisonneuve.qc.ca> | 2015-10-09 17:23:30 +0000 |
commit | 571373e0817a6441fb53303736a4666f2a672f26 (patch) | |
tree | ffeb29d743bf2705bee2bc40f7829e29ca74b085 /templates/sshd_config/Ubuntu_lucid.erb | |
parent | e36a294dceb9504327af84c72f6fb6d4489aeea0 (diff) | |
parent | b682edaae3c4f44003fa188ff564c6ba4cd43927 (diff) | |
download | puppet-sshd-571373e0817a6441fb53303736a4666f2a672f26.tar.gz puppet-sshd-571373e0817a6441fb53303736a4666f2a672f26.tar.bz2 |
Merge branch 'disable_debian_banner' into 'master'
disable the debian/ubuntu package version from being sent to clients
dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros.
See merge request !17
Diffstat (limited to 'templates/sshd_config/Ubuntu_lucid.erb')
-rw-r--r-- | templates/sshd_config/Ubuntu_lucid.erb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb index 7544f00..be7c56d 100644 --- a/templates/sshd_config/Ubuntu_lucid.erb +++ b/templates/sshd_config/Ubuntu_lucid.erb @@ -88,6 +88,8 @@ KeepAlive yes #MaxStartups 10:30:60 #Banner /etc/issue.net +# do not reveal debian version (default is yes) +DebianBanner no #ReverseMappingCheck yes Subsystem sftp <%= (s=scope.lookupvar('::sshd::sftp_subsystem')).empty? ? '/usr/lib/openssh/sftp-server' : s %> |