Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
It is the only sshd_config template that didn't have this option, so
copy it from the other templates.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
Currently, this is a symlink to the Debian sid's one, which I've recently
resync'd. Once Wheezy is frozen, we'll want to fork its own template.
|
|
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
|
|
|
|
|
|
sshd_use_strong_ciphers as sshd already does PFS
|
|
|
|
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
|
templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used
|
|
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid.
|
|
|
|
|
|
Conflicts:
templates/sshd_config/Debian_squeeze.erb
|
|
Conflicts:
templates/sshd_config/Debian_squeeze.erb
I always picked the shared repository version when conflicts arose.
The only exception to this rule was:
I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order
to be consistent with existing Etch and Lenny templates.
This is not the default Debian setting, but I would find it weird if a host
had this setting changed by Puppet after upgrading to Squeeze.
The right way to proceed would probably be to make this configurable.
|
|
|
|
|
|
The sshd class currently has a mechanism to make resources for Ubuntu
similar to the ones for Debian, but the sshd::client class doesn't.
Also, There are no templates for sshd_config on Ubuntu so provide for
them. Since Ubuntu releases almost all use ssh versions that are as
recent as the Debian squeeze one, and the default sshd_config file is
usually the same as on Debian, add a default (Ubuntu.erb) template so
that it fits all Ubuntu releases.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
|
Debian's unstable branch currently has no template for sshd_config, and
thus cannot use the sshd class.
Add a template for Debian sid.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
|
This value was hardcoded in both the Debian lenny and etch templates.
The lenny template was fixed with commit 167cf532711ac88 but the etch
template was left out.
Fix the etch template so that the ChallengeResponseAuthentication
instruction is not overridden.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
|
Since there is no "catch-all" default configuration file for sshd, we
need to add for each OS.
Add a template for FreeBSD so that sshd can be configured on this OS.
Signed-off-by: Gabriel Filion <lelutin@gmail.com>
|
|
|
|
|
|
option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238)
|
|
Lenny sshd_config template, even though we offer it as a variable. With this commit, the variable will actually work, rather than be overriden
|
|
the defaults when not specified
|
|
|
|
|
|
Backward compatibility is preserved.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- added new upstream options
- don't put new lines for control statements
|
|
|
|
$sshd_port parameter, which simply puts a comment in front of that
option, rather than specifying it.
|
|
sshd_head_additional_options and one called sshd_tail_additional_options.
the first puts the value at the beginning of the file, and the second at
the end.
This is necessary due to some option ordering requiring things to be
before others
|
|
configuration line to get the sshd_config file defaults to be more
like the standard shipped defaults from Debian
|
|
printed via PAM.
Without it set, it is defaulted to 'yes', which results in the MOTD being printed twice, so
we return the Debian default configuration in this commit
|