aboutsummaryrefslogtreecommitdiff
path: root/manifests
AgeCommit message (Collapse)Author
2011-07-29Merge remote-tracking branch 'shared/master'mh
2011-07-21Adding PrintMotd parameter to all templates and setting per-distro default valueSilvio Rhatto
2011-07-17Provide a default value for $sshd_shared_ip in sshd::clientGabriel Filion
Since it's possible to "include sshd::client" without using "include sshd" (e.g. installing/managing ssh client but not the server) provide a default value for $sshd_shared_ip also in the sshd::client class. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16Clean out $ssh_use_strong_ciphersGabriel Filion
A tentative option from rhatto using the variable named $ssh_use_strong_ciphers still has two lines in init.pp Since the same functionality is provided by the variable $ssh_hardened_ssl that was merged in the shared repository, rhatto removed his feature. But there are still two lines left, so simply remove them. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-13Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
2011-06-21Merge remote-tracking branch 'lelutin/freebsd'Micah Anderson
2011-06-21New opt-in support to only use strong SSL ciphers and MACs.intrigeri
The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-04-03we should pass the architecture to devel packagesmh
2011-02-23Changing parameter name sshd_perfect_forward_secrecy to ↵Silvio Rhatto
sshd_use_strong_ciphers as sshd already does PFS
2011-02-22Merge remote-tracking branch 'lelutin/ubuntu'Micah Anderson
2011-02-19Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
Conflicts: templates/sshd_config/Debian_squeeze.erb
2011-02-19Pull together a more comprehensive README, moving the configurable variables ↵Micah Anderson
from init.pp into the README, and detailing the other features, and requirements, of the module
2011-02-14Merge remote branch 'shared/master'intrigeri
Conflicts: templates/sshd_config/Debian_squeeze.erb I always picked the shared repository version when conflicts arose. The only exception to this rule was: I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order to be consistent with existing Etch and Lenny templates. This is not the default Debian setting, but I would find it weird if a host had this setting changed by Puppet after upgrading to Squeeze. The right way to proceed would probably be to make this configurable.
2011-02-13Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
2011-01-30Enable support for UbuntuGabriel Filion
The sshd class currently has a mechanism to make resources for Ubuntu similar to the ones for Debian, but the sshd::client class doesn't. Also, There are no templates for sshd_config on Ubuntu so provide for them. Since Ubuntu releases almost all use ssh versions that are as recent as the Debian squeeze one, and the default sshd_config file is usually the same as on Debian, add a default (Ubuntu.erb) template so that it fits all Ubuntu releases. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30ssh_authorized_key: use $name for user by defaultGabriel Filion
Currently ssh_authorized_key has some logic about $user being false or '', but it sets its value to default to 'root'. So, in order to use the name as the user's name, one has to clear the user parameter, which is totally redundant. Since it is sometimes useful to publish multiple keys for a user, the $user parameter is useful. To make using ssh_authorized_key for one-key normal users simpler, make $user default to being empty (which will use $name as the user name). 'root' can always be specified either via the name or by the $user paramter. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30Fix ssh_authorized_keyGabriel Filion
When one uses the $name to define the user that should receive an SSH key, setting $user to a negative value, ssh_authorized_key currently creates the authorized_keys file under /home/.ssh/authorized_keys Fix this by changing ${user} to ${real_user} in the key's path. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30Fix inclusion for default osGabriel Filion
When the os of a client is not one of those that use a specialized class, (e.g. FreeBSD) the inclusion is currently broken: it tries to include sshd::default which does not exist. Change this to include sshd::base instead. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2010-12-16Introducing perfect forward secrecy for SSHSilvio Rhatto
2010-12-15remote KerberosGetAFSToken, its actually not a functional configuration ↵Micah Anderson
option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238)
2010-12-14add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using ↵Micah Anderson
the defaults when not specified
2010-10-21use realportmh
2010-10-20use parametrized class to pass ssh_ports to open up thingsmh
2010-10-20introduce that port also can't be the name, fix ensure problemmh
2010-10-20extend sshd::nagios with ensure parammh
2010-10-20add nagios_check_ssh_hostname to tweak the hostname which whould be ↵mh
monitored, as this one might actually differ
2010-10-20move define to own classmh
2010-10-18Bugfixintrigeri
2010-10-16bugfixintrigeri
2010-10-16bugfixintrigeri
2010-10-16New option sshd_ports that obsoletes sshd_port.intrigeri
Backward compatibility is preserved.
2010-10-13sshd service has status and restart commands in post-etch Debian releases.intrigeri
2010-10-04Simplify by using the config_file definition.intrigeri
2010-06-03Using sshd::client::debian for ubuntuSilvio Rhatto
2010-02-25Merge branch 'master' of git://labs.riseup.net/module_sshdSilvio Rhatto
2010-02-21update nagios check_command to check ssh port. it was using ssh_port, it ↵Micah Anderson
should be 'check_ssh_port'
2010-01-30Renaming $sshd_internal_ip to $sshd_shared_ipSilvio Rhatto
2009-12-28Merge branch 'master' of git://labs.riseup.net/module_sshdSilvio Rhatto
2009-12-27Merge remote branch 'lavamind/master'Micah Anderson
2009-12-27Reverting last changeSilvio Rhatto
2009-12-27Always including sshd::client::baseSilvio Rhatto
2009-12-27Using fqdn instead of hostname.domainSilvio Rhatto
2009-12-27Using sshrsakey instead of sshrsakey_keySilvio Rhatto
2009-12-27Introducing sshd_internal_ip variableSilvio Rhatto
2009-12-27PrintMotd using default OpenSSH settingSilvio Rhatto
2009-12-21update comments to include information about how to use the nagiosMicah Anderson
checks and the pre-requirements
2009-12-19fix the comments section so that the include isn't misleading. if youMicah Anderson
use 'include sshd::debian', then none of the variables are set, and you will fail to parse the templates
2009-12-18remove fqdn from nagios service description (hostname is used in the ↵Jerome Charaoui
internal nagios_service name)
2009-12-18make key removal a bit easiermh
2009-12-18enable that ssh auth-keys can be removedmh