Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-05-21 | Add header to ssh_authorized_key when override_builting = 1 | Jerome Charaoui | |
2015-05-21 | Fix invalid single quotes around variables | Jerome Charaoui | |
2015-05-20 | Merge branch 'debian-login-grace' into 'master' | Jerome Charaoui | |
sync LoginGraceTime with debian defaults for some reason this was 10 minutes in our module, yet 120s everywhere else. and only in wheezy too, wtf... See merge request !13 | |||
2015-05-20 | Merge branch 'master' into 'master' | Jerome Charaoui | |
add override_builtin parameter to handle the common authorized_key directory case riseup uses a common authorized_keys directory and this commit works around a bug in the puppet function that can't handle that. See the longer comment in the code. See merge request !15 | |||
2015-05-20 | add override_builtin parameter to handle the common authorized_key directory ↵ | Matt Taggart | |
case | |||
2015-05-13 | sync LoginGraceTime with debian defaults | Antoine Beaupré | |
2015-05-07 | Merge branch 'fix_lookupvar' into 'master' | Micah | |
Adjust variable lookup in templates to silence deprecation warnings, fixes #1 See merge request !12 | |||
2015-05-07 | Adjust variable lookup in templates to silence deprecation warnings, fixes #1 | Jerome Charaoui | |
2015-05-07 | Merge branch 'enhance_hardened' into 'master' | Jerome Charaoui | |
Enhance hardened This implements as many recommendations in https://stribika.github.io/2015/01/04/secure-secure-shell.html as possible See merge request !10 | |||
2015-05-04 | Implement enhanced MAC (Message Authentication Codes) according to | Micah Anderson | |
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html | |||
2015-05-04 | Implement enhanced symmetric cipher selection, based on | Micah Anderson | |
https://stribika.github.io/2015/01/04/secure-secure-shell.html and version of openssh installed | |||
2015-05-04 | Implement KexAlgorithms settings, based on Key exchange section of | Micah Anderson | |
https://stribika.github.io/2015/01/04/secure-secure-shell.html Note, that on some systems it is uncertain if they will have a new enough version of openssh installed, so on those a version test is done to see before setting them. | |||
2015-05-04 | Change 'hardened_ssl' paramter to simply 'hardened', this makes more | Micah Anderson | |
sense in general | |||
2015-05-04 | Merge branch 'remove_lenny' into 'master' | Jerome Charaoui | |
remove Debian Lenny support See merge request !8 | |||
2015-05-01 | remove Debian Lenny support | Micah Anderson | |
2015-04-17 | Merge remote-tracking branch 'micah/remove_etch' into shared | Antoine Beaupré | |
Conflicts: templates/sshd_config/Debian_etch.erb | |||
2015-04-17 | Merge branch 'hostkey_type' into 'master' | Antoine Beaupré | |
Hostkey type This is the pull request associated with: https://labs.riseup.net/code/issues/8285 See merge request !6 | |||
2015-04-17 | remove etch support | Micah Anderson | |
2015-04-17 | Add GPLv3 license | Micah Anderson | |
2015-03-27 | change the ssh_keygen function to use different methods depending on if | Micah Anderson | |
its puppet 3 or puppet 2 | |||
2015-03-27 | Given that ssh -V prints the info we want on stderr, made it so we are 100% ↵ | Micah Anderson | |
sure we are only parsing the expected string | |||
2015-03-02 | Merge branch 'document_nagios_custom_logic' into 'master' | Jerome Charaoui | |
Document nagios custom logic Add some note for ppl who need to inject their own logic before creating nagios-related checks. See merge request !5 | |||
2015-02-20 | README: mention how one could reuse nagios resources with their own logic | Gabriel Filion | |
Some people might want to inject their own logic before including nagios resources. We can explain that since the nagios resources are in their own part of the manifests, they can shortcut the module's automatic handling of it, and call it manually from their own manifests. | |||
2015-02-20 | README: Change project URL to point at the new one | Gabriel Filion | |
2015-02-20 | Merge branch 'master' into 'master' | LeLutin | |
Add RedHat_xenenterprise template symlink See merge request !4 | |||
2015-01-22 | Add RedHat_xenenterprise template symlink | Jerome Charaoui | |
2015-01-17 | Merge branch 'master' into 'master' | ng | |
Fix for Debian squeeze and ssh_keygen for Puppet < 3 installs Facter versions that are shipping in Debian squeeze and wheezy do not support the operatingsystemmajrelease core fact, which appears only from facter 1.7 onwards. This isn't a big problem for wheezy since the openssh-server version it ships supports multiple AuthorizedKeysFile file paths, On Debian squeeze, openssh-server does NOT support multuple AuthorizedKeysFile and will refuse to start with such a definition. ALSO: `ssh_keygen` is currently broken for Puppet 2.7.x clients. This commit should resolve the issue. The fix was suggested by @ng in reference to https://github.com/duritong/puppet-sysctl/blob/master/lib/puppet/provider/sysctl_runtime/sysctl_runtime.rb#L16-L17 See merge request !3 | |||
2015-01-15 | Fix ssh_keygen for Puppet < 3 installs | Jerome Charaoui | |
2015-01-15 | Debian squeeze and wheezy do not support the operatingsystemmajrelease fact ↵ | Jerome Charaoui | |
(they ship facter 1.6.x) | |||
2014-11-21 | Add a $hostkey_type variable that allows you to set which hostkey | Micah Anderson | |
types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config) | |||
2014-11-21 | add custom fact, providing ssh_version | Micah Anderson | |
2014-11-21 | Merge remote-tracking branch 'tails/feature/jessie-and-sid-templates' | Micah Anderson | |
2014-11-01 | Merge remote-tracking branch 'immerda/master' | Micah Anderson | |
2014-11-01 | Revert "get ecdsa host keys in Debian Wheezy" | Micah Anderson | |
This reverts commit 1eabfe1b590f6663c2558f949408a08fc5f58fa6. These shitty NIST curves are no good | |||
2014-09-17 | Copy the Debian sid template to a new one for Jessie. | intrigeri | |
Another option could be to symlink it, but the freeze is coming soon, so most likely they'll start to diverge at some point. | |||
2014-09-17 | Resynchronize Debian sid template with the configuration file currently ↵ | intrigeri | |
shipped by the package. | |||
2014-08-15 | move to os release number on centos for selection | mh | |
2014-06-10 | Openbsd also does not yet have it | mh | |
2014-06-10 | EL 6 also does not have this option yet | mh | |
2014-06-10 | lintig a document | mh | |
2014-06-10 | not all versions support the new default | mh | |
2014-06-10 | Merge remote-tracking branch 'shared/master' | mh | |
Conflicts: manifests/init.pp | |||
2014-05-27 | update $authorized_keys_file variable default to be the default is | Micah Anderson | |
documented by sshd_config(5) | |||
2014-05-27 | add the ability to override the automatic inclusion of the sshd_client | Micah Anderson | |
2014-03-14 | linting | mh | |
2014-03-14 | remove unnecessary param | mh | |
2014-02-21 | renamed ipaddress_fact to sshkey_ipaddres | Tomas Barton | |
2014-02-14 | too tired to type | Tomas Barton | |
2014-02-14 | fixed variable name | Tomas Barton | |
2014-02-14 | custom ip address fact | Tomas Barton | |