aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/init.pp4
-rw-r--r--templates/sshd_config/CentOS_7.erb6
-rw-r--r--templates/sshd_config/Debian_etch.erb4
-rw-r--r--templates/sshd_config/Debian_jessie.erb7
-rw-r--r--templates/sshd_config/Debian_sid.erb7
-rw-r--r--templates/sshd_config/Debian_squeeze.erb6
-rw-r--r--templates/sshd_config/Debian_wheezy.erb5
-rw-r--r--templates/sshd_config/FreeBSD.erb5
-rw-r--r--templates/sshd_config/Ubuntu.erb6
-rw-r--r--templates/sshd_config/Ubuntu_lucid.erb6
10 files changed, 35 insertions, 21 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 5a38293..2455887 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -49,6 +49,10 @@ class sshd(
$shorewall_source = 'net',
$sshkey_ipaddress = $::ipaddress,
$manage_client = true,
+ $hostkey_type = versioncmp($::ssh_version, '6.5') ? {
+ /(^1|0)/ => [ 'rsa', 'ed25519' ],
+ /-1/ => [ 'rsa', 'dsa' ]
+ }
) {
validate_bool($manage_shorewall)
diff --git a/templates/sshd_config/CentOS_7.erb b/templates/sshd_config/CentOS_7.erb
index 1a2e339..7db2277 100644
--- a/templates/sshd_config/CentOS_7.erb
+++ b/templates/sshd_config/CentOS_7.erb
@@ -35,9 +35,9 @@ ListenAddress <%= address %>
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index ef4a5d1..104e641 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -20,6 +20,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
diff --git a/templates/sshd_config/Debian_jessie.erb b/templates/sshd_config/Debian_jessie.erb
index d717856..033f409 100644
--- a/templates/sshd_config/Debian_jessie.erb
+++ b/templates/sshd_config/Debian_jessie.erb
@@ -22,10 +22,9 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index d717856..033f409 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -22,10 +22,9 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index befd25f..0ba323f 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -22,8 +22,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb
index 70bb4bf..cd4bf48 100644
--- a/templates/sshd_config/Debian_wheezy.erb
+++ b/templates/sshd_config/Debian_wheezy.erb
@@ -22,8 +22,9 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/FreeBSD.erb b/templates/sshd_config/FreeBSD.erb
index 090149b..d4cd9b5 100644
--- a/templates/sshd_config/FreeBSD.erb
+++ b/templates/sshd_config/FreeBSD.erb
@@ -40,8 +40,9 @@ Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
diff --git a/templates/sshd_config/Ubuntu.erb b/templates/sshd_config/Ubuntu.erb
index befd25f..0ba323f 100644
--- a/templates/sshd_config/Ubuntu.erb
+++ b/templates/sshd_config/Ubuntu.erb
@@ -22,8 +22,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
diff --git a/templates/sshd_config/Ubuntu_lucid.erb b/templates/sshd_config/Ubuntu_lucid.erb
index cc6e921..cff95a7 100644
--- a/templates/sshd_config/Ubuntu_lucid.erb
+++ b/templates/sshd_config/Ubuntu_lucid.erb
@@ -20,8 +20,10 @@ ListenAddress <%= address %>
<% end -%>
Protocol 2
# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%>
+HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key
+<% end -%>
+
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes