aboutsummaryrefslogtreecommitdiff
path: root/manifests
AgeCommit message (Collapse)Author
2015-06-18allow customizing userAntoine Beaupré
2015-06-18rewrite autossh startup script with dh_make templateAntoine Beaupré
2015-06-18remove traces of isuma vendorAntoine Beaupré
2015-06-18import from autossh packageAntoine Beaupré
2015-05-21Add newline to ssh_authorized_key file contentJerome Charaoui
2015-05-21Simplify ssh_authorized_keyJerome Charaoui
2015-05-21Revert "Simplify ssh_authorized_key"Jerome Charaoui
puppet-lint complains about "selector inside resource" This reverts commit f3c0115743cab9d4e6c08b654b67631566572d41.
2015-05-21Simplify ssh_authorized_keyJerome Charaoui
2015-05-21Add header to ssh_authorized_key when override_builting = 1Jerome Charaoui
2015-05-21Fix invalid single quotes around variablesJerome Charaoui
2015-05-20add override_builtin parameter to handle the common authorized_key directory ↵Matt Taggart
case
2015-05-04Change 'hardened_ssl' paramter to simply 'hardened', this makes moreMicah Anderson
sense in general
2015-04-17Merge branch 'hostkey_type' into 'master'Antoine Beaupré
Hostkey type This is the pull request associated with: https://labs.riseup.net/code/issues/8285 See merge request !6
2015-01-15Debian squeeze and wheezy do not support the operatingsystemmajrelease fact ↵Jerome Charaoui
(they ship facter 1.6.x)
2014-11-21Add a $hostkey_type variable that allows you to set which hostkeyMicah Anderson
types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config)
2014-08-15move to os release number on centos for selectionmh
2014-06-10Openbsd also does not yet have itmh
2014-06-10EL 6 also does not have this option yetmh
2014-06-10lintig a documentmh
2014-06-10not all versions support the new defaultmh
2014-06-10Merge remote-tracking branch 'shared/master'mh
Conflicts: manifests/init.pp
2014-05-27update $authorized_keys_file variable default to be the default isMicah Anderson
documented by sshd_config(5)
2014-05-27add the ability to override the automatic inclusion of the sshd_clientMicah Anderson
2014-03-14lintingmh
2014-03-14remove unnecessary parammh
2014-02-21renamed ipaddress_fact to sshkey_ipaddresTomas Barton
2014-02-14too tired to typeTomas Barton
2014-02-14fixed variable nameTomas Barton
2014-02-14custom ip address factTomas Barton
2014-01-27validate parametersTomas Barton
2014-01-27removed lsb-release packageTomas Barton
2014-01-27removed special no-restart status for etchTomas Barton
2014-01-26client specTomas Barton
2014-01-26basic init class specsTomas Barton
2014-01-26replaces shared-lsb by puppetlabs/stdlibTomas Barton
2013-05-29rather match the correct service than the parent pidmh
the last approach only matched if someone was logged in with ssh. :/
2013-05-29Nagios disabled by defaultYoann Laissus
2013-05-20on newer puppet version the openbsd service provider changed slightly making ↵mh
this necessary
2013-02-03style fixesMichael Moll
silence puppet-lint
2012-06-13migrate away from hiera stuffmh
2012-06-05new style for 2.7mh
2011-07-29Merge remote-tracking branch 'shared/master'mh
2011-07-21Adding PrintMotd parameter to all templates and setting per-distro default valueSilvio Rhatto
2011-07-17Provide a default value for $sshd_shared_ip in sshd::clientGabriel Filion
Since it's possible to "include sshd::client" without using "include sshd" (e.g. installing/managing ssh client but not the server) provide a default value for $sshd_shared_ip also in the sshd::client class. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16Clean out $ssh_use_strong_ciphersGabriel Filion
A tentative option from rhatto using the variable named $ssh_use_strong_ciphers still has two lines in init.pp Since the same functionality is provided by the variable $ssh_hardened_ssl that was merged in the shared repository, rhatto removed his feature. But there are still two lines left, so simply remove them. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-13Merge branch 'master' of git://labs.riseup.net/shared-sshdSilvio Rhatto
2011-06-21Merge remote-tracking branch 'lelutin/freebsd'Micah Anderson
2011-06-21New opt-in support to only use strong SSL ciphers and MACs.intrigeri
The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git.
2011-04-03we should pass the architecture to devel packagesmh
2011-02-23Changing parameter name sshd_perfect_forward_secrecy to ↵Silvio Rhatto
sshd_use_strong_ciphers as sshd already does PFS