Age | Commit message | Author | |
---|---|---|---|
2015-10-09 | Merge branch 'disable_debian_banner' into 'master' | Jerome Charaoui | |
disable the debian/ubuntu package version from being sent to clients. dkg pointed out to riseup that our ssh servers were revealing the package version to clients, which is controlled by the DebianBanner config option. It exists in both Debian and Ubuntu and defaults to 'yes', so we explicitly set it to 'no' in the templates for those distros. See merge request !17 | |||
2015-09-11 | choose better MAC for squeeze and wheezy | Matt Taggart | |
both squeeze (1:5.5p1-6+squeeze6) and wheezy (1:6.0p1-4+deb7u2) have MACs better than hmac-sha1 available in the default search, they both have hmac-sha2-512, hmac-sha2-256, and hmac-ripemd160. So switch to using hmac-sha2-512, which lets us lock down the client MACs more. | |||
2015-06-08 | Facter values changed in 2.x for XenServer | Jerome Charaoui | |
2015-05-22 | disable the debian/ubuntu package version from being sent to clients | Matt Taggart | |
2015-05-13 | sync LoginGraceTime with debian defaults | Antoine Beaupré | |
2015-05-07 | Adjust variable lookup in templates to silence deprecation warnings, fixes #1 | Jerome Charaoui | |
2015-05-04 | Implement enhanced MAC (Message Authentication Codes) according to | Micah Anderson | |
installed version of openssh and https://stribika.github.io/2015/01/04/secure-secure-shell.html | |||
2015-05-04 | Implement enhanced symmetric cipher selection, based on | Micah Anderson | |
https://stribika.github.io/2015/01/04/secure-secure-shell.html and version of openssh installed | |||
2015-05-04 | Implement KexAlgorithms settings, based on Key exchange section of | Micah Anderson | |
https://stribika.github.io/2015/01/04/secure-secure-shell.html Note, that on some systems it is uncertain if they will have a new enough version of openssh installed, so on those a version test is done to see before setting them. | |||
2015-05-04 | Change 'hardened_ssl' parameter to simply 'hardened', this makes more | Micah Anderson | |
sense in general | |||
2015-05-01 | remove Debian Lenny support | Micah Anderson | |
2015-04-17 | Merge remote-tracking branch 'micah/remove_etch' into shared | Antoine Beaupré | |
Conflicts: templates/sshd_config/Debian_etch.erb | |||
2015-04-17 | Merge branch 'hostkey_type' into 'master' | Antoine Beaupré | |
Hostkey type. This is the pull request associated with: https://labs.riseup.net/code/issues/8285. See merge request !6 | |||
2015-04-17 | remove etch support | Micah Anderson | |
2015-01-22 | Add RedHat_xenenterprise template symlink | Jerome Charaoui | |
2014-11-21 | Add a $hostkey_type variable that allows you to set which hostkey | Micah Anderson | |
types you want to support in your sshd_config. We use the ssh_version fact to determine the default hostkey types. Only enable rsa and ed25519 for ssh versions greater or equal to 6.5, otherwise enable rsa and dsa. Some distributions, such as debian, also enable ecdsa as a hostkey type, but this is a known bad NIST curve, so we do not enable that by default (thus deviating from the stock sshd config) | |||
2014-11-21 | Merge remote-tracking branch 'tails/feature/jessie-and-sid-templates' | Micah Anderson | |
2014-11-01 | Merge remote-tracking branch 'immerda/master' | Micah Anderson | |
2014-11-01 | Revert "get ecdsa host keys in Debian Wheezy" | Micah Anderson | |
This reverts commit 1eabfe1b590f6663c2558f949408a08fc5f58fa6. These shitty NIST curves are no good | |||
2014-09-17 | Copy the Debian sid template to a new one for Jessie. | intrigeri | |
Another option could be to symlink it, but the freeze is coming soon, so most likely they'll start to diverge at some point. | |||
2014-09-17 | Resynchronize Debian sid template with the configuration file currently shipped by the package. | intrigeri | |
2014-08-15 | move to os release number on centos for selection | mh | |
2014-06-10 | Merge remote-tracking branch 'shared/master' | mh | |
Conflicts: manifests/init.pp | |||
2013-11-29 | unify centos sshd config and update it to latest upstream | mh | |
2013-11-08 | get ecdsa host keys in Debian Wheezy | kwadronaut | |
2013-01-02 | Merge commit '42fce2a4576dd97a270d4d875531b39920655edb' | mh | |
2013-01-02 | Merge remote-tracking branch 'shared/master' | mh | |
2012-11-07 | added Ubuntu precise support | nadir | |
2012-08-26 | fix variable name | mh | |
2012-06-18 | correct variable naming | mh | |
2012-06-08 | recmkdir is gone | mh | |
2012-06-05 | new style for 2.7 | mh | |
2012-02-03 | Adding sshd_config for oneiric | Silvio Rhatto | |
2011-07-21 | Adding PrintMotd parameter to all templates and setting per-distro default value | Silvio Rhatto | |
2011-07-16 | Enable $ssh_hardened_ssl for FreeBSD | Gabriel Filion | |
It is the only sshd_config template that didn't have this option, so copy it from the other templates. Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-07-14 | Updating FreeBSD template for new sshd_ports variable | Silvio Rhatto | |
2011-07-13 | Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job | Silvio Rhatto | |
2011-07-13 | Merge branch 'master' of git://labs.riseup.net/shared-sshd | Silvio Rhatto | |
2011-06-21 | Merge remote-tracking branch 'lelutin/freebsd' | Micah Anderson | |
2011-06-21 | Merge branch 'feature/debian_wheezy' | intrigeri | |
2011-06-21 | Add sshd_config template for Debian Wheezy. | intrigeri | |
Currently, this is a symlink to the Debian sid's one, which I've recently resync'd. Once Wheezy is frozen, we'll want to fork its own template. | |||
2011-06-21 | New opt-in support to only use strong SSL ciphers and MACs. | intrigeri | |
The new configuration variable is $sshd_hardened_ssl. Settings were stolen from https://github.com/ioerror/duraconf.git. | |||
2011-02-23 | Changing strong cipher to aes128-crt | Silvio Rhatto | |
2011-02-23 | Adding sshd_use_strong_ciphers to all sshd_config templates | Silvio Rhatto | |
2011-02-23 | Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS | Silvio Rhatto | |
2011-02-22 | Merge remote-tracking branch 'lelutin/ubuntu' | Micah Anderson | |
2011-02-21 | FreeBSD: Use variables for the Kerberos options | Gabriel Filion | |
Signed-off-by: Gabriel Filion <lelutin@gmail.com> | |||
2011-02-21 | remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. | Micah Anderson | |
This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used | |||
2011-02-21 | Resync Debian sid template with the Squeeze's one. | intrigeri | |
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid. | |||
2011-02-21 | Merge remote branch 'lelutin/debian_template' | intrigeri | |