Age | Commit message | Author | |
---|---|---|---|
2021-04-12 | Feat: Ubuntu Focal template (2) | Silvio Rhatto | |
2021-04-12 | Feat: Ubuntu Focal template | Silvio Rhatto | |
2018-09-25 | Remove deprecated/unsafe algorithms from hardened config as reported by ssh-audit.py | Silvio Rhatto | |
2018-09-14 | Adds Ubuntu bionic config | Silvio Rhatto | |
2018-09-14 | Removes hmac-ripemd160 from hardened config due to OpenSSH 7.6 deprecation | Silvio Rhatto | |
2018-08-01 | Adds buster config | Silvio Rhatto | |
2017-06-05 | Merge branch 'master' into develop | Silvio Rhatto | |
2017-06-05 | Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshd | Silvio Rhatto | |
2016-11-20 | Add sshd_config template for Debian Stretch. | bertagaz | |
2016-03-21 | Fact ::ssh_version not being evaluated in templates at wheezy and trusty | Silvio Rhatto | |
2016-03-19 | Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshd | Silvio Rhatto | |
Conflicts: README templates/sshd_config/CentOS.erb templates/sshd_config/CentOS_Final.erb templates/sshd_config/Debian_etch.erb templates/sshd_config/Debian_jessie.erb templates/sshd_config/Debian_sid.erb templates/sshd_config/Debian_squeeze.erb templates/sshd_config/Debian_wheezy.erb templates/sshd_config/Ubuntu_trusty.erb | |||
2015-11-03 | [feat] [feat] Support missing ubuntu releases | varac | |
Add quantal, raring, saucy, trusty, utopic, vivid, wily, xenial ubuntu release | |||
2015-10-19 | Ubuntu trusty config | Silvio Rhatto | |
2015-10-09 | Merge branch 'disable_debian_banner' into 'master' | Jerome Charaoui | |
disable the debian/ubuntu package version from being sent to clients dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros. See merge request !17 | |||
2015-09-11 | choose better MAC for squeeze and wheezy | Matt Taggart | |
both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more. | |||
2015-06-08 | Facter values changed in 2.x for XenServer | Jerome Charaoui | |
2015-05-22 | disable the debian/ubuntu package version from being sent to clients | Matt Taggart | |
2015-05-15 | add jessie config template | db | |
2015-05-13 | sync LoginGraceTime with debian defaults | Antoine Beaupré | |
2015-05-07 | Adjust variable lookup in templates to silence deprecation warnings, fixes #1 | Jerome Charaoui | |
2015-05-04 | Implement enhanced MAC (Message Authentication Codes) according to | Micah Anderson | |
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html | |||
2015-05-04 | Implement enhanced symmetric cipher selection, based on | Micah Anderson | |
https://stribika.github.io/2015/01/04/secure-secure-shell.html and version of openssh installed | |||
2015-05-04 | Implement KexAlgorithms settings, based on Key exchange section of | Micah Anderson | |
https://stribika.github.io/2015/01/04/secure-secure-shell.html Note, that on some systems it is uncertain if they will have a new enough version of openssh installed, so on those a version test is done to see before setting them. | |||
2015-05-04 | Change 'hardened_ssl' parameter to simply 'hardened', this makes more | Micah Anderson | |
sense in general | |||
2015-05-01 | remove Debian Lenny support | Micah Anderson | |
2015-04-17 | Merge remote-tracking branch 'micah/remove_etch' into shared | Antoine Beaupré | |
Conflicts: templates/sshd_config/Debian_etch.erb | |||
2015-04-17 | Merge branch 'hostkey_type' into 'master' | Antoine Beaupré | |
Hostkey type This is the pull request associated with: https://labs.riseup.net/code/issues/8285 See merge request !6 | |||
2015-04-17 | remove etch support | Micah Anderson | |
2015-01-22 | Add RedHat_xenenterprise template symlink | Jerome Charaoui | |
2014-11-21 | Add a $hostkey_type variable that allows you to set which hostkey | Micah Anderson | |
types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config) | |||
2014-11-21 | Merge remote-tracking branch 'tails/feature/jessie-and-sid-templates' | Micah Anderson | |
2014-11-01 | Merge remote-tracking branch 'immerda/master' | Micah Anderson | |
2014-11-01 | Revert "get ecdsa host keys in Debian Wheezy" | Micah Anderson | |
This reverts commit 1eabfe1b590f6663c2558f949408a08fc5f58fa6. These shitty NIST curves are no good | |||
2014-09-17 | Copy the Debian sid template to a new one for Jessie. | intrigeri | |
Another option could be to symlink it, but the freeze is coming soon, so most likely they'll start to diverge at some point. | |||
2014-09-17 | Resynchronize Debian sid template with the configuration file currently shipped by the package. | intrigeri | |
2014-08-24 | Disable ECDSA key until we fix pubkey distribution | Silvio Rhatto | |
2014-08-19 | Do not use DSA keys on squeeze | Silvio Rhatto | |
2014-08-19 | Do not use DSA keys on wheezy | Silvio Rhatto | |
2014-08-19 | get ecdsa host keys in Debian Wheezy | kwadronaut | |
2014-08-19 | Oops | Silvio Rhatto | |
2014-08-19 | Back to hmac-sha1 on lenny/squeeze | Silvio Rhatto | |
2014-08-19 | Back to OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf) | Silvio Rhatto | |
2014-08-15 | move to os release number on centos for selection | mh | |
2014-06-10 | Merge remote-tracking branch 'shared/master' | mh | |
Conflicts: manifests/init.pp | |||
2013-11-29 | unify centos sshd config and update it to latest upstream | mh | |
2013-11-08 | get ecdsa host keys in Debian Wheezy | kwadronaut | |
2013-07-20 | Back to hmac-sha1 as hmac-sha2-512 prevented squeeze systems to connect | Silvio Rhatto | |
2013-07-16 | Rollback: hmac-sha2-512 is just supported on newer systems | Silvio Rhatto | |
2013-07-16 | OpenSSH HMAC: SHA1 -> SHA2-512 (suggested by duraconf) | Silvio Rhatto | |
2013-01-17 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
Conflicts: templates/sshd_config/Ubuntu_precise.erb |