path: root/puppet/modules/site_sshd
Age | Commit message | Author
2017-02-23 | Don't apply specific ssh parameters for wheezy | varac
2016-07-13 | Notify Exec[shorewall_check] not Service[shorew..] | varac
Latest shorewall module does `shorewall check` (executed by `Exec[shorewall_check]`) so every related resource change must notify this Exec instead of `Service[shorewall]` as before.
2016-04-25 | [style] lint further more | varac
- ignore puppet lint error about inheriting from different namespace
2016-02-11 | Allow ecdsa hostkeys (#7642) until we can safely transition providers to better key algorithm choices. | Micah
Change-Id: I6b9ec83dbfbf15d1b65e14145bf625db6517f6b7
2015-12-02 | [deprec] use @ in front of erb template tags | varac
2015-11-28 | [bug] Don't enable storedconfig in sshd class | varac
- Related: #7615
2015-11-19 | [bug] Use right sshd Ciphers and MACs for wheezy | varac
- Tested: [unstable.bitmask.net]
2015-11-17 | [bug] Don't limit sshd KexAlgorithms | varac
- #7591 Net::SSH::Exception: could not settle on kex algorithm
We need to disable the ssh hardened mode, because it will not work together with the net-ssh gem leap_cli is pinned to. All other options that would be included by this parameter are included by '$::sshd::tail_additional_options'.
2015-09-10 | sshd: let nodes change default AllowTcpForwarding | elijah
2014-11-25 | include a host information in ssh_config for every possible host a given node might communicate with. | elijah
this includes port and host key algorithm. closes #6432
2014-11-01 | stop using bad nist curve for ssh host key (#6294) | Micah Anderson
update port parameter in site_sshd to be an array, otherwise puppet errors about it being a Fixnum with new sshd module
Change-Id: I854d042edb98817169eef5e758d04d60d3c71dd5
2014-08-21 | Fix "Nagios ssh check is automatically added by the ssh module and contains a wrong hostname on single node setup (Bug #5998)" | varac
before, the ssh module added this check, resulting in a wrong hostname and the port was always '22'. manage_nagios parameter is boolean, so we use false instead of 'no' manually add check_ssh to nagios (#5998)
2014-05-27 | Add missing scope to top-level sshd class, passing necessary parameters for configuration (#3108) | Micah Anderson
Change-Id: I4f94a47d47a40bfc6835359e7781707f96e91db0
2014-05-27 | Switch away from site_config::sshd and instead just include site_sshd | Micah Anderson
The existing site_config::sshd had a non-functioning 'include sshd' line in it that was not doing what was expected (this was supposed to include the sshd module, but due to scoping was including itself). It seemed better to eliminate some of the unused pieces and consolidate into one config location.
Change-Id: I79dd904e696ca646180a09abbb03b5361dfc8ab9
2014-05-27 | clarify comments in site_sshd::authorized_keys | Micah Anderson
Change-Id: I679dfe8dff90b7c86ab0ffff43e13958f1ec2c99
2014-02-14 | Include check_mk monitor pubkey in /root/.ssh/authorized_keys | varac
instead of creating a /root/.ssh/authorized_keys2 see https://review.leap.se/r/148/#comment153
2014-02-12 | Merge branch '0.6' into 4982_check_mk | varac
2014-02-10 | turn off StrictHostKeyChecking for vagrant ssh clients | elijah
2014-02-10 | use default value for hiera lookup (#5118) | varac
2014-02-10 | Merge remote-tracking branch 'elijah/feature/known_hosts' into 4982_check_mk | varac
Conflicts: platform.rb
2014-02-09 | deploy a valid /etc/ssh/ssh_known_hosts for all nodes (requires new leap_cli) | elijah
2014-02-06 | add a comment why we use a custom way to populate authorized_keys | varac
2013-06-30 | switch to own define for managing ssh keys | varac
The problem with puppet's built-in ssh_authorized_key is that you can purge unmanaged keys in an authorized_keys file. see https://leap.se/code/issues/3010 for details.
Conflicts: puppet/modules/site_sshd/manifests/authorized_keys.pp
Change-Id: I640bf7ebc0f0f7fb19cc46feb4cb2702d6561a9b
2013-06-30 | modularize and standardize site_sshd: | Micah Anderson
. move the setting of the xterm title to site_config::shell
. change the xterm file resource to use standard source lines, switch to single quotes, quote mode, and line up parameters
. move the mosh pieces into a site_ssh::mosh class and only include it if the right mosh variable is enabled, passing into the class the necessary hiera parameters
. lint the site_ssh::mosh resources
. change the authorized_keys class to accept the key parameter which is passed in from the main ssh class (but allow for out of scope variable lookup when the tag is passed)
Change-Id: Ieec5a3932de9bad1b98633032b28f88e91e46604
2013-06-28 | added site_sshd::authorized_keys | varac
2013-05-30 | site_sshd -- added xterm title, optional support for mosh | elijah
2012-09-23 | beginning of site_sshd | varac