Age | Commit message | Author | |
---|---|---|---|
2014-11-21 | Add a $hostkey_type variable that allows you to set which hostkey types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config) | Micah Anderson | |
2014-11-21 | Merge remote-tracking branch 'tails/feature/jessie-and-sid-templates' | Micah Anderson | |
2014-11-01 | Merge remote-tracking branch 'immerda/master' | Micah Anderson | |
2014-11-01 | Revert "get ecdsa host keys in Debian Wheezy" | Micah Anderson | |
This reverts commit 1eabfe1b590f6663c2558f949408a08fc5f58fa6. These shitty NIST curves are no good | |||
2014-09-17 | Copy the Debian sid template to a new one for Jessie. | intrigeri | |
Another option could be to symlink it, but the freeze is coming soon, so most likely they'll start to diverge at some point. | |||
2014-09-17 | Resynchronize Debian sid template with the configuration file currently shipped by the package. | intrigeri | |
2014-08-15 | move to os release number on centos for selection | mh | |
2014-06-10 | Merge remote-tracking branch 'shared/master' | mh | |
Conflicts: manifests/init.pp | |||
2013-11-29 | unify centos sshd config and update it to latest upstream | mh | |
2013-11-08 | get ecdsa host keys in Debian Wheezy | kwadronaut | |
2013-01-02 | Merge commit '42fce2a4576dd97a270d4d875531b39920655edb' | mh | |
2013-01-02 | Merge remote-tracking branch 'shared/master' | mh | |
2012-11-07 | added Ubuntu precise support | nadir | |
2012-08-26 | fix variable name | mh | |
2012-06-18 | correct variable naming | mh | |
2012-06-08 | recmkdir is gone | mh | |
2012-06-05 | new style for 2.7 | mh | |
2012-02-03 | Adding sshd_config for oneiric | Silvio Rhatto | |
2011-07-21 | Adding PrintMotd parameter to all templates and setting per-distro default value | Silvio Rhatto | |
2011-07-16 | Enable $ssh_hardened_ssl for FreeBSD | Gabriel Filion | |
It is the only sshd_config template that didn't have this option, so copy it from the other templates. Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-07-14 | Updating FreeBSD template for new sshd_ports variable | Silvio Rhatto | |
2011-07-13 | Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job | Silvio Rhatto | |
2011-07-13 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
2011-06-21 | Merge remote-tracking branch 'lelutin/freebsd' | Micah Anderson | |
2011-06-21 | Merge branch 'feature/debian_wheezy' | intrigeri | |
2011-06-21 | Add sshd_config template for Debian Wheezy. | intrigeri | |
Currently, this is a symlink to the Debian sid's one, which I've recently resync'd. Once Wheezy is frozen, we'll want to fork its own template. | |||
2011-06-21 | New opt-in support to only use strong SSL ciphers and MACs. | intrigeri | |
The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git. | |||
2011-02-23 | Changing strong cipher to aes128-crt | Silvio Rhatto | |
2011-02-23 | Adding sshd_use_strong_ciphers to all sshd_config templates | Silvio Rhatto | |
2011-02-23 | Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS | Silvio Rhatto | |
2011-02-22 | Merge remote-tracking branch 'lelutin/ubuntu' | Micah Anderson | |
2011-02-21 | FreeBSD: Use variables for the Kerberos options | Gabriel Filion | |
Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-02-21 | remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used | Micah Anderson | |
2011-02-21 | Resync Debian sid template with the Squeeze's one. | intrigeri | |
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid. | |||
2011-02-21 | Merge remote branch 'lelutin/debian_template' | intrigeri | |
2011-02-19 | Updating lucid template with new ssh port scheme | Silvio Rhatto | |
2011-02-19 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
Conflicts: templates/sshd_config/Debian_squeeze.erb | |||
2011-02-14 | Merge remote branch 'shared/master' | intrigeri | |
Conflicts: templates/sshd_config/Debian_squeeze.erb I always picked the shared repository version when conflicts arose. The only exception to this rule was: I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order to be consistent with existing Etch and Lenny templates. This is not the default Debian setting, but I would find it weird if a host had this setting changed by Puppet after upgrading to Squeeze. The right way to proceed would probably be to make this configurable. | |||
2011-02-13 | Perfect forward secrecy config at squeeze template | Silvio Rhatto | |
2011-02-13 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
2011-01-30 | Enable support for Ubuntu | Gabriel Filion | |
The sshd class currently has a mechanism to make resources for Ubuntu similar to the ones for Debian, but the sshd::client class doesn't. Also, there are no templates for sshd_config on Ubuntu so provide for them. Since Ubuntu releases almost all use ssh versions that are as recent as the Debian squeeze one, and the default sshd_config file is usually the same as on Debian, add a default (Ubuntu.erb) template so that it fits all Ubuntu releases. Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-01-30 | Add sshd_config template for Debian sid | Gabriel Filion | |
Debian's unstable branch currently has no template for sshd_config, and thus cannot use the sshd class. Add a template for Debian sid. Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-01-30 | Finish fixing ChallengeResponseAuthentication | Gabriel Filion | |
This value was hardcoded in both the Debian lenny and etch templates. The lenny template was fixed with commit 167cf532711ac88 but the etch template was left out. Fix the etch template so that the ChallengeResponseAuthentication instruction is not overridden. Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-01-30 | Add an sshd_config template for FreeBSD | Gabriel Filion | |
Since there is no "catch-all" default configuration file for sshd, we need to add for each OS. Add a template for FreeBSD so that sshd can be configured on this OS. Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2010-12-20 | fix debian squeeze sshd_config template to add a missing newline | Micah Anderson | |
2010-12-16 | Introducing perfect forward secrecy for SSH | Silvio Rhatto | |
2010-12-15 | remove KerberosGetAFSToken, it's actually not a functional configuration option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238) | Micah Anderson | |
2010-12-14 | "ChallengeResponseAuthentication no" was being hardcoded later in the Debian Lenny sshd_config template, even though we offer it as a variable. With this commit, the variable will actually work, rather than be overridden | Micah Anderson | |
2010-12-14 | add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified | Micah Anderson | |
2010-10-21 | lenny already has AcceptEnv by default | mh | |