libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-09-19 23:11:32 +02:00
Code Issues Projects Releases Packages Wiki Activity
611 commits 3 branches 70 tags 1.1 MiB
Commit graph

44 commits

Author SHA1 Message Date
Jakub Jelen
f6ae2094fe Update service/socket files to match main OS's defaults 
Specifics:
 * Debian 12 has no longer the instantiated service using inet, see the
   following commit:

0dc73888bb

 * I am not matching the Description tag verbosely as I do not find it
   crucial for functionality.
 * We generate additional -f switch to the sshd CLI pointing go the main
   sshd config we manage
 * The Before=sshd.service in the socket is not generated as I find it
   unnecessary when we conflict the service.
 * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
   set for all Ubuntu/Debian as it should not hurt.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2024-01-22 16:41:33 +01:00
Jakub Jelen
350a0e562b
fix: Avoid creation of runtime directories in home (#265) 2023-10-30 13:27:37 +00:00
EmyLIEUTAUD
0bc6d8f40b
feat: manage ssh certificates (#252) 
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
 2023-09-11 14:39:03 +01:00
Jakub Jelen
039aa32606 feat: Add missing configuration options available in Match block 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2023-06-15 15:56:48 +02:00
Jakub Jelen
484da0584b feat: Add new options from OpenSSH 9.3 
This version is now available in Alpine.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2023-06-15 15:56:48 +02:00
Jakub Jelen
a3065d070c Make sure the list options are correctly indented 
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/

This wont work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2023-04-14 19:01:19 +02:00
Noriko Hosoi
3bc81d9f97 Fingerprint ansible-sshd managed config files 
- Add repo and role name to the generated config files.
  # willshersystems:ansible-sshd

Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
 2023-03-29 10:30:06 -07:00
Jakub Jelen
1c4197e341 Add configuration options from EL7 2022-09-27 22:32:57 +02:00
Jakub Jelen
ddb286111f Add missing configuration options from EL8 2022-09-27 22:32:57 +02:00
Jakub Jelen
1cf57fe318 Document internal __sshd_runtime_directory variable and use it in the service files 2022-09-27 22:32:57 +02:00
Jakub Jelen
1ae6284951 Add final version of RequiredRSASize 
Keep the old version for backward compatibility

Upstream commit:
https://github.com/openssh/openssh-portable/commit/1875042c
 2022-09-27 22:22:58 +02:00
Nikolaos Kakouros
6bb0d7b456 tMakes drop-in functionality configurable by the user 2022-08-26 20:23:51 +00:00
Rich Megginson
67d2339f03 Ensure values are cast to correct type 
https://github.com/willshersystems/ansible-sshd/issues/188
This shouldn't be necessary, but there seems no way to
guarantee using a version of Jinja which doesn't have this
problem.

In addition - it is not good practice to compare values to
`true` or `false` - instead, just ensure the value is a `bool`
type and evaluate in a boolean context.
 2022-08-16 08:36:57 +02:00
Rich Megginson
1bc8395ea8 Add parameter RSAMinSize to Match blocks 
This is a follow-on to https://github.com/willshersystems/ansible-sshd/pull/194
The previous PR added RSAMinSize as an option for the "body" of the
config file, but not for Match blocks.
 2022-07-28 15:43:35 -06:00
Rich Megginson
6c0ff316af add parameter RSAMinSize 
Add support for the new RSAMinSize parameter.
 2022-07-21 15:35:57 -06:00
Jakub Jelen
9c202bd60e Verify the Include is in main configuration file 
... if drop-in file is modified

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2022-05-10 16:48:22 +02:00
Jakub Jelen
295f1930d4 Update templates to apply FIPS hostkeys filter 
This fixes up the commit 7f69d1e6

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
 2022-04-19 17:20:27 +02:00
Sergei Petrosian
44a7d8fb20 Use {{ ansible_managed | comment }} to fix multi-line ansible_managed 
BZ#2006230, BZ#2006231, BZ#2006233
 2021-09-21 12:44:12 +02:00
Jakub Jelen
c4db22f16d Add configuration options from OpenSSH 8.6 2021-06-12 08:31:10 +02:00
Jakub Jelen
3e9d408015 Remove boolean comparison and regenerate templates 2021-06-01 16:09:23 +02:00
Jakub Jelen
380ebd21d9 Support for appending a snippet to configuration file 2021-06-01 16:09:23 +02:00
Matt Willsher
62ae5d7856
Merge branch 'master' into crypto-policies 2020-10-15 10:02:03 +01:00
Jakub Jelen
e31592899c Allow listing match blocks in more nature manner 2020-10-08 18:11:00 +02:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL 
This is useful for opting out from system-wide cryto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
 2020-10-06 21:11:39 +02:00
Jakub Jelen
b9fb457d2b Add missing configuration options from current OpenSSH 8.3p1 (Fedora 32) 
Fixes #125
 2020-09-14 18:30:20 +02:00
Matt Willsher
3c32998957 Remove duplicate GatewayPorts 2019-07-10 19:41:32 +01:00
Nikolaos Kakouros
d3d04cfdd7 Fixes bad option in systemd service file 2018-09-11 00:21:01 +02:00
Nikolaos Kakouros
f5c13ee90f Merge branch 'master' into systemd 2018-08-25 23:48:09 +02:00
Nikolaos Kakouros
5774f7f44f Adds ability to install a systemd service 2018-08-25 23:39:06 +02:00
Bob Vincent
3aa2d17876 Regenerate templates/sshd_config.j2 from meta files. 2018-08-17 11:54:45 -04:00
Tim Fletcher
4f0be6f5e7
Add StreamLocalBindUnlink option 
This option removes existing Unix-domain socket files before they are
used for forwarding targets.

Need to support gpg-agent forwarding with systemd
 2018-03-17 15:44:58 +01:00
Troy Fontaine
c6926634af Fixed sshd_match blocks 2017-04-06 20:37:21 -05:00
Matt Willsher
c42662efa9 Use @luto solution 
Simple and just works!
 2016-01-24 15:49:54 +00:00
Matt Willsher
03ce63e664 Conditionally set value = undefined to avoid trigger lvalue issue on CentOS 6 2016-01-24 12:37:58 +00:00
Matt Willsher
90992da436 Check that value is defined before calling render macro 2016-01-24 10:33:24 +00:00
Matt Willsher
125f8ae4f1 Add DebianBanner option 2015-07-23 18:30:03 +01:00
Matt Willsher
6da7bb1f55 Merge from develop changes 2015-01-04 12:51:40 +00:00
Matt Willsher
398a2f0b93 Remove empty lines, make match array or dict 2014-12-25 12:14:32 +00:00
Matt Willsher
b93f4c48db Add match support 2014-12-25 09:58:55 +00:00
Matt Willsher
b9261337be Ordering issues 2014-12-22 09:41:32 +00:00
Matt Willsher
26a0f5e350 Seperate defaults dict 2014-12-22 09:25:31 +00:00
Matt Willsher
1b5200c805 Improve option rendering, allow per OS defaults 2014-12-21 22:23:02 +00:00
Matt Willsher
c561b6e5f7 Allow overrides, force sftp for Ansible 2014-12-21 20:29:13 +00:00
Matt Willsher
220a5cdb54 Initial commit 2014-12-18 22:12:51 +00:00