| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-05-07 | Adjust variable lookup in templates to silence deprecation warnings, fixes #1 | Jerome Charaoui | |
| 2015-05-04 | Change 'hardened_ssl' paramter to simply 'hardened', this makes more | Micah Anderson | |
| sense in general | |||
| 2014-11-21 | Add a $hostkey_type variable that allows you to set which hostkey | Micah Anderson | |
| types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config) | |||
| 2012-06-18 | correct variable naming | mh | |
| 2012-06-05 | new style for 2.7 | mh | |
| 2011-07-21 | Adding PrintMotd parameter to all templates and setting per-distro default value | Silvio Rhatto | |
| 2011-07-13 | Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job | Silvio Rhatto | |
| 2011-07-13 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
| 2011-06-21 | New opt-in support to only use strong SSL ciphers and MACs. | intrigeri | |
| The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git. | |||
| 2011-02-23 | Adding sshd_use_strong_ciphers to all sshd_config templates | Silvio Rhatto | |
| 2011-02-23 | Changing parameter name sshd_perfect_forward_secrecy to ↵ | Silvio Rhatto | |
| sshd_use_strong_ciphers as sshd already does PFS | |||
| 2011-02-21 | remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config ↵ | Micah Anderson | |
| templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used | |||
| 2011-02-19 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
| Conflicts: templates/sshd_config/Debian_squeeze.erb | |||
| 2011-02-14 | Merge remote branch 'shared/master' | intrigeri | |
| Conflicts: templates/sshd_config/Debian_squeeze.erb I always picked the shared repository version when conflicts arose. The only exception to this rule was: I kept my branch's "HostbasedUsesNameFromPacketOnly yes" in order to be consistent with existing Etch and Lenny templates. This is not the default Debian setting, but I would find it weird if a host had this setting changed by Puppet after upgrading to Squeeze. The right way to proceed would probably be to make this configurable. | |||
| 2011-02-13 | Perfect forward secrecy config at squeeze template | Silvio Rhatto | |
| 2010-12-20 | fix debian squeeze sshd_config template to add a missing newline | Micah Anderson | |
| 2010-12-15 | remote KerberosGetAFSToken, its actually not a functional configuration ↵ | Micah Anderson | |
| option, even though it is listed in the man page, and commented out in the default config file. I filed a bug with debian (#607238) | |||
| 2010-12-14 | add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using ↵ | Micah Anderson | |
| the defaults when not specified | |||
| 2010-10-16 | Syntax fix. | intrigeri | |
| 2010-10-16 | New option sshd_ports that obsoletes sshd_port. | intrigeri | |
| Backward compatibility is preserved. | |||
| 2010-10-16 | Cleanup templates: sshd_port is guaranteed by init.pp not to be empty. | intrigeri | |
| 2010-10-03 | Add template for Debian Squeeze. | intrigeri | |
 |
index : puppet_sshd.git | |
| [puppet_sshd] | git repository hosting |
| summaryrefslogtreecommitdiff |