aboutsummaryrefslogtreecommitdiff
path: root/manifests
AgeCommit message (Collapse)Author
2015-05-04Change 'hardened_ssl' paramter to simply 'hardened', this makes moreMicah Anderson
sense in general
2015-04-17Merge branch 'hostkey_type' into 'master'Antoine Beaupré
Hostkey type This is the pull request associated with: https://labs.riseup.net/code/issues/8285 See merge request !6
2015-01-15Debian squeeze and wheezy do not support the operatingsystemmajrelease fact ↵Jerome Charaoui
(they ship facter 1.6.x)
2014-11-21Add a $hostkey_type variable that allows you to set which hostkeyMicah Anderson
types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config)
2014-08-15move to os release number on centos for selectionmh
2014-06-10Openbsd also does not yet have itmh
2014-06-10EL 6 also does not have this option yetmh
2014-06-10lintig a documentmh
2014-06-10not all versions support the new defaultmh
2014-06-10Merge remote-tracking branch 'shared/master'mh
Conflicts: manifests/init.pp
2014-05-27update $authorized_keys_file variable default to be the default isMicah Anderson
documented by sshd_config(5)
2014-05-27add the ability to override the automatic inclusion of the sshd_clientMicah Anderson
2014-03-14lintingmh
2014-03-14remove unnecessary parammh
2014-02-21renamed ipaddress_fact to sshkey_ipaddresTomas Barton
2014-02-14too tired to typeTomas Barton
2014-02-14fixed variable nameTomas Barton
2014-02-14custom ip address factTomas Barton
2014-01-27validate parametersTomas Barton
2014-01-27removed lsb-release packageTomas Barton
2014-01-27removed special no-restart status for etchTomas Barton
2014-01-26client specTomas Barton
2014-01-26basic init class specsTomas Barton
2014-01-26replaces shared-lsb by puppetlabs/stdlibTomas Barton
2013-05-29rather match the correct service than the parent pidmh
the last approach only matched if someone was logged in with ssh. :/
2013-05-29Nagios disabled by defaultYoann Laissus
2013-05-20on newer puppet version the openbsd service provider changed slightly making ↵mh
this necessary
2013-02-03style fixesMichael Moll
silence puppet-lint
2012-06-13migrate away from hiera stuffmh
2012-06-05new style for 2.7mh
2011-07-29Merge remote-tracking branch 'shared/master'mh
2011-07-21Adding PrintMotd parameter to all templates and setting per-distro default valueSilvio Rhatto
2011-07-17Provide a default value for $sshd_shared_ip in sshd::clientGabriel Filion
Since it's possible to "include sshd::client" without using "include sshd" (e.g. installing/managing ssh client but not the server) provide a default value for $sshd_shared_ip also in the sshd::client class. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16Clean out $ssh_use_strong_ciphersGabriel Filion
A tentative option from rhatto using the variable named $ssh_use_strong_ciphers still has two lines in init.pp Since the same functionality is provided by the variable $ssh_hardened_ssl that was merged in the shared repository, rhatto removed his feature. But there are still two lines left, so simply remove them. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-13Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
2011-06-21Merge remote-tracking branch 'lelutin/freebsd'Micah Anderson
2011-06-21New opt-in support to only use strong SSL ciphers and MACs.intrigeri
The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-04-03we should pass the architecture to devel packagesmh
2011-02-23Changing parameter name sshd_perfect_forward_secrecy to ↵Silvio Rhatto
sshd_use_strong_ciphers as sshd already does PFS
2011-02-22Merge remote-tracking branch 'lelutin/ubuntu'Micah Anderson
2011-02-19Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
Conflicts: templates/sshd_config/Debian_squeeze.erb
2011-02-19Pull together a more comprehensive README, moving the configurable variables ↵Micah Anderson
from init.pp into the README, and detailing the other features, and requirements, of the module
2011-02-14Merge remote branch 'shared/master'intrigeri
Conflicts: templates/sshd_config/Debian_squeeze.erb I always picked the shared repository version when conflicts arose. The only exception to this rule was: I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order to be consistent with existing Etch and Lenny templates. This is not the default Debian setting, but I would find it weird if a host had this setting changed by Puppet after upgrading to Squeeze. The right way to proceed would probably be to make this configurable.
2011-02-13Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
2011-01-30Enable support for UbuntuGabriel Filion
The sshd class currently has a mechanism to make resources for Ubuntu similar to the ones for Debian, but the sshd::client class doesn't. Also, There are no templates for sshd_config on Ubuntu so provide for them. Since Ubuntu releases almost all use ssh versions that are as recent as the Debian squeeze one, and the default sshd_config file is usually the same as on Debian, add a default (Ubuntu.erb) template so that it fits all Ubuntu releases. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30ssh_authorized_key: use $name for user by defaultGabriel Filion
Currently ssh_authorized_key has some logic about $user being false or '', but it sets its value to default to 'root'. So, in order to use the name as the user's name, one has to clear the user parameter, which is totally redundant. Since it is sometimes useful to publish multiple keys for a user, the $user parameter is useful. To make using ssh_authorized_key for one-key normal users simpler, make $user default to being empty (which will use $name as the user name). 'root' can always be specified either via the name or by the $user paramter. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30Fix ssh_authorized_keyGabriel Filion
When one uses the $name to define the user that should receive an SSH key, setting $user to a negative value, ssh_authorized_key currently creates the authorized_keys file under /home/.ssh/authorized_keys Fix this by changing ${user} to ${real_user} in the key's path. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30Fix inclusion for default osGabriel Filion
When the os of a client is not one of those that use a specialized class, (e.g. FreeBSD) the inclusion is currently broken: it tries to include sshd::default which does not exist. Change this to include sshd::base instead. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2010-12-16Introducing perfect forward secrecy for SSHSilvio Rhatto
2010-12-15remote KerberosGetAFSToken, its actually not a functional configuration ↵Micah Anderson
option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238)