aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-24Feat: adds templates/sshd_config/Debian_bookworm.erbdevelopSilvio Rhatto
2021-09-05Feat: adds debian bullseye templateSilvio Rhatto
2021-04-12Feat: Ubuntu Focal template (2)Silvio Rhatto
2021-04-12Feat: Ubuntu Focal templateSilvio Rhatto
2018-09-25Remove deprecated/unsafe algorithms from hardened config as reported by ↵Silvio Rhatto
ssh-audit.py
2018-09-14Adds Ubuntu bionic configSilvio Rhatto
2018-09-14Removes hmac-ripemd160 from hardened config due to OpenSSH 7.6 deprecationSilvio Rhatto
2018-08-01Adds buster configSilvio Rhatto
2017-09-11Avoid evaluation error for selector entrySilvio Rhatto
2017-06-05Changes for puppet 4 compatibilitySilvio Rhatto
2017-06-05Merge branch 'master' into developSilvio Rhatto
2017-06-05Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshdHEADmasterSilvio Rhatto
2017-01-23Merge branch 'feature/stretch' into 'master' Micah
Add sshd_config template for Debian Stretch. See merge request !22
2016-11-20Add sshd_config template for Debian Stretch.bertagaz
2016-03-22Move storedconfig code to separate files, trying to avoid warnings on ↵productionSilvio Rhatto
masterless setup
2016-03-21Fact ::ssh_version not being evaluated in templates at wheezy and trustySilvio Rhatto
2016-03-19Only collect ssh keys if storedconfigs are setSilvio Rhatto
2016-03-19Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshdSilvio Rhatto
Conflicts: README templates/sshd_config/CentOS.erb templates/sshd_config/CentOS_Final.erb templates/sshd_config/Debian_etch.erb templates/sshd_config/Debian_jessie.erb templates/sshd_config/Debian_sid.erb templates/sshd_config/Debian_squeeze.erb templates/sshd_config/Debian_wheezy.erb templates/sshd_config/Ubuntu_trusty.erb
2015-11-21Merge branch 'support_missing_ubuntu_releases' into 'master' ng
[feat] [feat] Support missing ubuntu releases Add quantal, raring, saucy, trusty, utopic, vivid, wily, xenial ubuntu release See merge request !20
2015-11-09[bug] Fix typo for including sshkey classvarac
2015-11-09Merge branch 'disable_stored_config' into 'master' Micah
[feat] Optinally disable exported resources If run masterless, we cannot export resources, so we move them to an own class. Including it can be disabled by passing "use_storedconfig" to the sshd class. See merge request !21
2015-11-09[feat] Optinally disable exported resourcesvarac
If run masterless, we cannot export resources, so we move them to an own class. Including it can be disabled by passing "use_storedconfig" to the sshd class.
2015-11-03[feat] [feat] Support missing ubuntu releasesvarac
Add quantal, raring, saucy, trusty, utopic, vivid, wily, xenial ubuntu release
2015-10-19Ubuntu trusty configSilvio Rhatto
2015-10-09Merge branch 'autossh' into 'master' Micah
autossh support this series of commits adds support for autossh, to automatically create a tunnel with port forwarding. we use this to login to *really* remote servers reliably, behind multiple NATs and satellite connexions. it rocks. See merge request !18
2015-10-09Merge branch 'disable_debian_banner' into 'master' Jerome Charaoui
disable the debian/ubuntu package version from being sent to clients dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros. See merge request !17
2015-10-06Merge branch 'master' into 'master' Micah
choose better MAC for squeeze and wheezy both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more. See merge request !19
2015-09-11choose better MAC for squeeze and wheezyMatt Taggart
both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more.
2015-06-18disable autossh control portAntoine Beaupré
this is important to make it easier to guess the ssh port from the central server. we rely on ServerAliveInterval instead to reconnect when we lose the server. this was unintentionally removed in november 2012 in the isuma-autossh package, saying it was "not supported everywhere" and due to some confusion about the defaults (defaults are to *enable* the port). see commit ec0ebdd9533a29ee4f62f9fbb84ee9e80219ef84 in there.
2015-06-18make autossh fork properlyAntoine Beaupré
2015-06-18implement autossh reloadAntoine Beaupré
not sure what this was for, but it was in the original implementation
2015-06-18properly implement daemonAntoine Beaupré
2015-06-18allow customizing userAntoine Beaupré
2015-06-18try to avoid conflicting with the isuma-local-servers packageAntoine Beaupré
2015-06-18rewrite autossh startup script with dh_make templateAntoine Beaupré
2015-06-18remove traces of isuma vendorAntoine Beaupré
2015-06-18import from autossh packageAntoine Beaupré
2015-06-08Facter values changed in 2.x for XenServerJerome Charaoui
2015-05-22disable the debian/ubuntu package version from being sent to clientsMatt Taggart
2015-05-21Add newline to ssh_authorized_key file contentJerome Charaoui
2015-05-21Simplify ssh_authorized_keyJerome Charaoui
2015-05-21Revert "Simplify ssh_authorized_key"Jerome Charaoui
puppet-lint complains about "selector inside resource" This reverts commit f3c0115743cab9d4e6c08b654b67631566572d41.
2015-05-21Simplify ssh_authorized_keyJerome Charaoui
2015-05-21Add header to ssh_authorized_key when override_builting = 1Jerome Charaoui
2015-05-21Fix invalid single quotes around variablesJerome Charaoui
2015-05-20Merge branch 'debian-login-grace' into 'master'Jerome Charaoui
sync LoginGraceTime with debian defaults for some reason this was 10 minutes in our module, yet 120s everywhere else. and only in wheezy too, wtf... See merge request !13
2015-05-20Merge branch 'master' into 'master'Jerome Charaoui
add override_builtin parameter to handle the common authorized_key directory case riseup uses a common authorized_keys directory and this commit works around a bug in the puppet function that can't handle that. See the longer comment in the code. See merge request !15
2015-05-20add override_builtin parameter to handle the common authorized_key directory ↵Matt Taggart
case
2015-05-15add jessie config templatedb
2015-05-13sync LoginGraceTime with debian defaultsAntoine Beaupré