Age | Commit message | Author | |
---|---|---|---|
2023-12-24 | Feat: adds templates/sshd_config/Debian_bookworm.erb [develop] | Silvio Rhatto | |
2021-09-05 | Feat: adds debian bullseye template | Silvio Rhatto | |
2021-04-12 | Feat: Ubuntu Focal template (2) | Silvio Rhatto | |
2021-04-12 | Feat: Ubuntu Focal template | Silvio Rhatto | |
2018-09-25 | Remove deprecated/unsafe algorithms from hardened config as reported by ssh-audit.py | Silvio Rhatto | |
2018-09-14 | Adds Ubuntu bionic config | Silvio Rhatto | |
2018-09-14 | Removes hmac-ripemd160 from hardened config due to OpenSSH 7.6 deprecation | Silvio Rhatto | |
2018-08-01 | Adds buster config | Silvio Rhatto | |
2017-09-11 | Avoid evaluation error for selector entry | Silvio Rhatto | |
2017-06-05 | Changes for puppet 4 compatibility | Silvio Rhatto | |
2017-06-05 | Merge branch 'master' into develop | Silvio Rhatto | |
2017-06-05 | Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshd [HEAD, master] | Silvio Rhatto | |
2017-01-23 | Merge branch 'feature/stretch' into 'master' | Micah | |
Add sshd_config template for Debian Stretch. See merge request !22 | |||
2016-11-20 | Add sshd_config template for Debian Stretch. | bertagaz | |
2016-03-22 | Move storedconfig code to separate files, trying to avoid warnings on masterless setup [production] | Silvio Rhatto | |
2016-03-21 | Fact ::ssh_version not being evaluated in templates at wheezy and trusty | Silvio Rhatto | |
2016-03-19 | Only collect ssh keys if storedconfigs are set | Silvio Rhatto | |
2016-03-19 | Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshd | Silvio Rhatto | |
Conflicts: README templates/sshd_config/CentOS.erb templates/sshd_config/CentOS_Final.erb templates/sshd_config/Debian_etch.erb templates/sshd_config/Debian_jessie.erb templates/sshd_config/Debian_sid.erb templates/sshd_config/Debian_squeeze.erb templates/sshd_config/Debian_wheezy.erb templates/sshd_config/Ubuntu_trusty.erb | |||
2015-11-21 | Merge branch 'support_missing_ubuntu_releases' into 'master' | ng | |
[feat] [feat] Support missing ubuntu releases Add quantal, raring, saucy, trusty, utopic, vivid, wily, xenial ubuntu release See merge request !20 | |||
2015-11-09 | [bug] Fix typo for including sshkey class | varac | |
2015-11-09 | Merge branch 'disable_stored_config' into 'master' | Micah | |
[feat] Optionally disable exported resources If run masterless, we cannot export resources, so we move them to an own class. Including it can be disabled by passing "use_storedconfig" to the sshd class. See merge request !21 | |||
2015-11-09 | [feat] Optionally disable exported resources | varac | |
If run masterless, we cannot export resources, so we move them to an own class. Including it can be disabled by passing "use_storedconfig" to the sshd class. | |||
2015-11-03 | [feat] [feat] Support missing ubuntu releases | varac | |
Add quantal, raring, saucy, trusty, utopic, vivid, wily, xenial ubuntu release | |||
2015-10-19 | Ubuntu trusty config | Silvio Rhatto | |
2015-10-09 | Merge branch 'autossh' into 'master' | Micah | |
autossh support this series of commits adds support for autossh, to automatically create a tunnel with port forwarding. we use this to login to *really* remote servers reliably, behind multiple NATs and satellite connexions. it rocks. See merge request !18 | |||
2015-10-09 | Merge branch 'disable_debian_banner' into 'master' | Jerome Charaoui | |
disable the debian/ubuntu package version from being sent to clients dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros. See merge request !17 | |||
2015-10-06 | Merge branch 'master' into 'master' | Micah | |
choose better MAC for squeeze and wheezy both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more. See merge request !19 | |||
2015-09-11 | choose better MAC for squeeze and wheezy | Matt Taggart | |
both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more. | |||
2015-06-18 | disable autossh control port | Antoine Beaupré | |
this is important to make it easier to guess the ssh port from the central server. we rely on ServerAliveInterval instead to reconnect when we lose the server. this was unintentionally removed in november 2012 in the isuma-autossh package, saying it was "not supported everywhere" and due to some confusion about the defaults (defaults are to *enable* the port). see commit ec0ebdd9533a29ee4f62f9fbb84ee9e80219ef84 in there. | |||
2015-06-18 | make autossh fork properly | Antoine Beaupré | |
2015-06-18 | implement autossh reload | Antoine Beaupré | |
not sure what this was for, but it was in the original implementation | |||
2015-06-18 | properly implement daemon | Antoine Beaupré | |
2015-06-18 | allow customizing user | Antoine Beaupré | |
2015-06-18 | try to avoid conflicting with the isuma-local-servers package | Antoine Beaupré | |
2015-06-18 | rewrite autossh startup script with dh_make template | Antoine Beaupré | |
2015-06-18 | remove traces of isuma vendor | Antoine Beaupré | |
2015-06-18 | import from autossh package | Antoine Beaupré | |
2015-06-08 | Facter values changed in 2.x for XenServer | Jerome Charaoui | |
2015-05-22 | disable the debian/ubuntu package version from being sent to clients | Matt Taggart | |
2015-05-21 | Add newline to ssh_authorized_key file content | Jerome Charaoui | |
2015-05-21 | Simplify ssh_authorized_key | Jerome Charaoui | |
2015-05-21 | Revert "Simplify ssh_authorized_key" | Jerome Charaoui | |
puppet-lint complains about "selector inside resource" This reverts commit f3c0115743cab9d4e6c08b654b67631566572d41. | |||
2015-05-21 | Simplify ssh_authorized_key | Jerome Charaoui | |
2015-05-21 | Add header to ssh_authorized_key when override_builtin = 1 | Jerome Charaoui | |
2015-05-21 | Fix invalid single quotes around variables | Jerome Charaoui | |
2015-05-20 | Merge branch 'debian-login-grace' into 'master' | Jerome Charaoui | |
sync LoginGraceTime with debian defaults for some reason this was 10 minutes in our module, yet 120s everywhere else. and only in wheezy too, wtf... See merge request !13 | |||
2015-05-20 | Merge branch 'master' into 'master' | Jerome Charaoui | |
add override_builtin parameter to handle the common authorized_key directory case riseup uses a common authorized_keys directory and this commit works around a bug in the puppet function that can't handle that. See the longer comment in the code. See merge request !15 | |||
2015-05-20 | add override_builtin parameter to handle the common authorized_key directory case | Matt Taggart | |
2015-05-15 | add jessie config template | db | |
2015-05-13 | sync LoginGraceTime with debian defaults | Antoine Beaupré | |