aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config/FreeBSD.erb
AgeCommit message (Collapse)Author
2016-03-19Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshdSilvio Rhatto
Conflicts: README templates/sshd_config/CentOS.erb templates/sshd_config/CentOS_Final.erb templates/sshd_config/Debian_etch.erb templates/sshd_config/Debian_jessie.erb templates/sshd_config/Debian_sid.erb templates/sshd_config/Debian_squeeze.erb templates/sshd_config/Debian_wheezy.erb templates/sshd_config/Ubuntu_trusty.erb
2015-05-07Adjust variable lookup in templates to silence deprecation warnings, fixes #1Jerome Charaoui
2015-05-04Implement enhanced MAC (Message Authentication Codes) according toMicah Anderson
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html
2015-05-04Implement enhanced symmetric cipher selection, based onMicah Anderson
https://stribika.github.io/2015/01/04/secure-secure-shell.html and version of openssh installed
2015-05-04Implement KexAlgorithms settings, based on Key exchange section ofMicah Anderson
https://stribika.github.io/2015/01/04/secure-secure-shell.html Note, that on some systems it is uncertain if they will have a new enough version of openssh installed, so on those a version test is done to see before setting them.
2015-05-04Change 'hardened_ssl' paramter to simply 'hardened', this makes moreMicah Anderson
sense in general
2014-11-21Add a $hostkey_type variable that allows you to set which hostkeyMicah Anderson
types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config)
2014-08-19Back to OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf)Silvio Rhatto
2013-07-16Rollback: hmac-sha2-512 is just supported on newer systemsSilvio Rhatto
2013-07-16OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf)Silvio Rhatto
2012-06-18correct variable namingmh
2012-06-05new style for 2.7mh
2011-07-21Adding PrintMotd parameter to all templates and setting per-distro default valueSilvio Rhatto
2011-07-16Enable $ssh_hardened_ssl for FreeBSDGabriel Filion
It is the only sshd_config template that didn't have this option, so copy it from the other templates. Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-14Updating FreeBSD template for new sshd_ports variableSilvio Rhatto
2011-02-21FreeBSD: Use variables for the Kerberos optionsGabriel Filion
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-01-30Add an sshd_config template for FreeBSDGabriel Filion
Since there is no "catch-all" default configuration file for sshd, we need to add for each OS. Add a template for FreeBSD so that sshd can be configured on this OS. Signed-off-by: Gabriel Filion <lelutin@gmail.com>