aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/facter/ssh_version.rb5
-rw-r--r--lib/puppet/parser/functions/ssh_keygen.rb1
-rw-r--r--manifests/init.pp4
-rw-r--r--templates/sshd_config/CentOS_7.erb6
-rw-r--r--templates/sshd_config/Debian_etch.erb4
-rw-r--r--templates/sshd_config/Debian_jessie.erb7
-rw-r--r--templates/sshd_config/Debian_sid.erb7
-rw-r--r--templates/sshd_config/Debian_squeeze.erb6
-rw-r--r--templates/sshd_config/Debian_wheezy.erb5
-rw-r--r--templates/sshd_config/FreeBSD.erb5
-rw-r--r--templates/sshd_config/Ubuntu.erb6
-rw-r--r--templates/sshd_config/Ubuntu_lucid.erb6
12 files changed, 41 insertions, 21 deletions
diff --git a/lib/facter/ssh_version.rb b/lib/facter/ssh_version.rb
new file mode 100644
index 0000000..51d8a00
--- /dev/null
+++ b/lib/facter/ssh_version.rb
@@ -0,0 +1,5 @@
+Facter.add("ssh_version") do
+ setcode do
+ ssh_version = Facter::Util::Resolution.exec('ssh -V 2>&1 1>/dev/null').chomp.split(' ')[0].split('_')[1]
+ end
+end
diff --git a/lib/puppet/parser/functions/ssh_keygen.rb b/lib/puppet/parser/functions/ssh_keygen.rb
index 87a3452..e304f24 100644
--- a/lib/puppet/parser/functions/ssh_keygen.rb
+++ b/lib/puppet/parser/functions/ssh_keygen.rb
@@ -27,3 +27,4 @@ Puppet::Parser::Functions::newfunction(:ssh_keygen, :type => :rvalue, :doc =>
end
[File.read(private_key_path),File.read(public_key_path)]
end
+
diff --git a/manifests/init.pp b/manifests/init.pp
index 666b5ac..0f8c472 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -49,6 +49,10 @@ class sshd(
$shorewall_source = 'net',
$sshkey_ipaddress = $::ipaddress,
$manage_client = true,
+ $hostkey_type = versioncmp($::ssh_version, '6.5') ? {
+ /(^1|0)/ => [ 'rsa', 'ed25519' ],
+ /-1/ => [ 'rsa', 'dsa' ]
+ }
) {
validate_bool($manage_shorewall)
diff --git a/templates/sshd_config/CentOS_7.erb b/templates/sshd_config/CentOS_7.erb
index 1a2e339..7db2277 100644
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@@ -35,9 +35,9 @@ ListenAddress <%= address %>
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index ef4a5d1..104e641 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -20,6 +20,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb
index d717856..033f409 100644
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -22,10 +22,9 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index d717856..033f409 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -22,10 +22,9 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index befd25f..0ba323f 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -22,8 +22,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index 70bb4bf..cd4bf48 100644
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -22,8 +22,9 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index 090149b..d4cd9b5 100644
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -40,8 +40,9 @@ Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb
index befd25f..0ba323f 100644
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -22,8 +22,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index cc6e921..cff95a7 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -20,8 +20,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 17:35:33 +0000