aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-08-19Back to hmac-sha1 on lenny/squeezeSilvio Rhatto
2014-08-19Back to OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf)Silvio Rhatto
2013-07-20Back to hmac-sha1 as hmac-sha2-512 prevented squeeze systems to connectSilvio Rhatto
2013-07-16Rollback: hmac-sha2-512 is just supported on newer systemsSilvio Rhatto
2013-07-16OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf)Silvio Rhatto
2013-01-20Avoiding UTF-8 string due to puppet issue #11860Silvio Rhatto
2013-01-17Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
Conflicts: templates/sshd_config/Ubuntu_precise.erb
2013-01-09README upgrade noticevarac
2013-01-02Merge commit '42fce2a4576dd97a270d4d875531b39920655edb'mh
2013-01-02Merge remote-tracking branch 'shared/master'mh
2012-11-07added Ubuntu precise supportnadir
2012-08-26fix variable namemh
2012-06-18correct variable namingmh
2012-06-13migrate away from hiera stuffmh
2012-06-08recmkdir is gonemh
2012-06-05new style for 2.7mh
2012-06-05new style for 2.7mh
2012-05-09Adding precise templateSilvio Rhatto
2012-02-03Adding sshd_config for oneiricSilvio Rhatto
2011-07-29remove legacy factsmh
2011-07-29Merge remote-tracking branch 'shared/master'mh
2011-07-21Adding PrintMotd parameter to all templates and setting per-distro default valueSilvio Rhatto
2011-07-17Document the $sshd_shared_ip variable in the READMEGabriel Filion
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-17Document the $sshd_print_motd variable in the READMEGabriel Filion
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-17Provide a default value for $sshd_shared_ip in sshd::clientGabriel Filion
Since it's possible to "include sshd::client" without using "include sshd" (e.g. installing/managing ssh client but not the server) provide a default value for $sshd_shared_ip also in the sshd::client class. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16Clean out $ssh_use_strong_ciphersGabriel Filion
A tentative option from rhatto using the variable named $ssh_use_strong_ciphers still has two lines in init.pp Since the same functionality is provided by the variable $ssh_hardened_ssl that was merged in the shared repository, rhatto removed his feature. But there are still two lines left, so simply remove them. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16Enable $ssh_hardened_ssl for FreeBSDGabriel Filion
It is the only sshd_config template that didn't have this option, so copy it from the other templates. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-14Updating FreeBSD template for new sshd_ports variableSilvio Rhatto
2011-07-13Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the jobSilvio Rhatto
2011-07-13Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
2011-06-21Merge remote-tracking branch 'lelutin/freebsd'Micah Anderson
2011-06-21Merge branch 'feature/debian_wheezy'intrigeri
2011-06-21Add sshd_config template for Debian Wheezy.intrigeri
Currently, this is a symlink to the Debian sid's one, which I've recently resync'd. Once Wheezy is frozen, we'll want to fork its own template.
2011-06-21New opt-in support to only use strong SSL ciphers and MACs.intrigeri
The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-04-03we should pass the architecture to devel packagesmh
2011-02-23Changing strong cipher to aes128-crtSilvio Rhatto
2011-02-23Adding sshd_use_strong_ciphers to all sshd_config templatesSilvio Rhatto
2011-02-23Changing parameter name sshd_perfect_forward_secrecy to ↵Silvio Rhatto
sshd_use_strong_ciphers as sshd already does PFS
2011-02-22Merge remote-tracking branch 'lelutin/ubuntu'Micah Anderson
2011-02-21FreeBSD: Use variables for the Kerberos optionsGabriel Filion
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-02-21remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config ↵Micah Anderson
templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used
2011-02-21Resync Debian sid template with the Squeeze's one.intrigeri
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid.
2011-02-21Merge remote branch 'lelutin/debian_template'intrigeri
2011-02-19Updating lucid template with new ssh port schemeSilvio Rhatto
2011-02-19Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
Conflicts: templates/sshd_config/Debian_squeeze.erb
2011-02-19Update README to include the ssh_keygen functionMicah Anderson
2011-02-19Pull together a more comprehensive README, moving the configurable variables ↵Micah Anderson
from init.pp into the README, and detailing the other features, and requirements, of the module
2011-02-14Merge remote branch 'shared/master'intrigeri
Conflicts: templates/sshd_config/Debian_squeeze.erb I always picked the shared repository version when conflicts arose. The only exception to this rule was: I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order to be consistent with existing Etch and Lenny templates. This is not the default Debian setting, but I would find it weird if a host had this setting changed by Puppet after upgrading to Squeeze. The right way to proceed would probably be to make this configurable.
2011-02-14Merge remote branch 'immerda/master'intrigeri
2011-02-13Perfect forward secrecy config at squeeze templateSilvio Rhatto
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 14:24:07 +0000