Commit graph

45 commits

Author SHA1 Message Date
Jakub Jelen
ec0f975ce3 EL7 main service file requires mandatory environment file
note, that this is not the case for the instantiated, which is in sync
with everything else.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-02-15 16:57:48 +01:00
Jakub Jelen
f6ae2094fe Update service/socket files to match main OS's defaults
Specifics:
 * Debian 12 has no longer the instantiated service using inet, see the
   following commit:

0dc73888bb

 * I am not matching the Description tag verbosely as I do not find it
   crucial for functionality.
 * We generate additional -f switch to the sshd CLI pointing go the main
   sshd config we manage
 * The Before=sshd.service in the socket is not generated as I find it
   unnecessary when we conflict the service.
 * Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
   set for all Ubuntu/Debian as it should not hurt.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00
Jakub Jelen
350a0e562b
fix: Avoid creation of runtime directories in home (#265) 2023-10-30 13:27:37 +00:00
EmyLIEUTAUD
0bc6d8f40b
feat: manage ssh certificates (#252)
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
2023-09-11 14:39:03 +01:00
Jakub Jelen
039aa32606 feat: Add missing configuration options available in Match block
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-06-15 15:56:48 +02:00
Jakub Jelen
484da0584b feat: Add new options from OpenSSH 9.3
This version is now available in Alpine.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-06-15 15:56:48 +02:00
Jakub Jelen
a3065d070c Make sure the list options are correctly indented
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/

This wont work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-04-14 19:01:19 +02:00
Noriko Hosoi
3bc81d9f97 Fingerprint ansible-sshd managed config files
- Add repo and role name to the generated config files.
  # willshersystems:ansible-sshd

Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
2023-03-29 10:30:06 -07:00
Jakub Jelen
1c4197e341 Add configuration options from EL7 2022-09-27 22:32:57 +02:00
Jakub Jelen
ddb286111f Add missing configuration options from EL8 2022-09-27 22:32:57 +02:00
Jakub Jelen
1cf57fe318 Document internal __sshd_runtime_directory variable and use it in the service files 2022-09-27 22:32:57 +02:00
Jakub Jelen
1ae6284951 Add final version of RequiredRSASize
Keep the old version for backward compatibility

Upstream commit:
https://github.com/openssh/openssh-portable/commit/1875042c
2022-09-27 22:22:58 +02:00
Nikolaos Kakouros
6bb0d7b456 tMakes drop-in functionality configurable by the user 2022-08-26 20:23:51 +00:00
Rich Megginson
67d2339f03 Ensure values are cast to correct type
https://github.com/willshersystems/ansible-sshd/issues/188
This shouldn't be necessary, but there seems no way to
guarantee using a version of Jinja which doesn't have this
problem.

In addition - it is not good practice to compare values to
`true` or `false` - instead, just ensure the value is a `bool`
type and evaluate in a boolean context.
2022-08-16 08:36:57 +02:00
Rich Megginson
1bc8395ea8 Add parameter RSAMinSize to Match blocks
This is a follow-on to https://github.com/willshersystems/ansible-sshd/pull/194
The previous PR added RSAMinSize as an option for the "body" of the
config file, but not for Match blocks.
2022-07-28 15:43:35 -06:00
Rich Megginson
6c0ff316af add parameter RSAMinSize
Add support for the new RSAMinSize parameter.
2022-07-21 15:35:57 -06:00
Jakub Jelen
9c202bd60e Verify the Include is in main configuration file
... if drop-in file is modified

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
295f1930d4 Update templates to apply FIPS hostkeys filter
This fixes up the commit 7f69d1e6

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Sergei Petrosian
44a7d8fb20 Use {{ ansible_managed | comment }} to fix multi-line ansible_managed
BZ#2006230, BZ#2006231, BZ#2006233
2021-09-21 12:44:12 +02:00
Jakub Jelen
c4db22f16d Add configuration options from OpenSSH 8.6 2021-06-12 08:31:10 +02:00
Jakub Jelen
3e9d408015 Remove boolean comparison and regenerate templates 2021-06-01 16:09:23 +02:00
Jakub Jelen
380ebd21d9 Support for appending a snippet to configuration file 2021-06-01 16:09:23 +02:00
Matt Willsher
62ae5d7856
Merge branch 'master' into crypto-policies 2020-10-15 10:02:03 +01:00
Jakub Jelen
e31592899c Allow listing match blocks in more nature manner 2020-10-08 18:11:00 +02:00
Jakub Jelen
71b3f87308 Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide cryto policy for SSH
or configuring advanced use case (strong RNG seed).

Fixes: #141
2020-10-06 21:11:39 +02:00
Jakub Jelen
b9fb457d2b Add missing configuration options from current OpenSSH 8.3p1 (Fedora 32)
Fixes #125
2020-09-14 18:30:20 +02:00
Matt Willsher
3c32998957 Remove duplicate GatewayPorts 2019-07-10 19:41:32 +01:00
Nikolaos Kakouros
d3d04cfdd7 Fixes bad option in systemd service file 2018-09-11 00:21:01 +02:00
Nikolaos Kakouros
f5c13ee90f Merge branch 'master' into systemd 2018-08-25 23:48:09 +02:00
Nikolaos Kakouros
5774f7f44f Adds ability to install a systemd service 2018-08-25 23:39:06 +02:00
Bob Vincent
3aa2d17876 Regenerate templates/sshd_config.j2 from meta files. 2018-08-17 11:54:45 -04:00
Tim Fletcher
4f0be6f5e7
Add StreamLocalBindUnlink option
This option removes existing Unix-domain socket files before they are
used for forwarding targets.

Need to support gpg-agent forwarding with systemd
2018-03-17 15:44:58 +01:00
Troy Fontaine
c6926634af Fixed sshd_match blocks 2017-04-06 20:37:21 -05:00
Matt Willsher
c42662efa9 Use @luto solution
Simple and just works!
2016-01-24 15:49:54 +00:00
Matt Willsher
03ce63e664 Conditionally set value = undefined to avoid trigger lvalue issue on CentOS 6 2016-01-24 12:37:58 +00:00
Matt Willsher
90992da436 Check that value is defined before calling render macro 2016-01-24 10:33:24 +00:00
Matt Willsher
125f8ae4f1 Add DebianBanner option 2015-07-23 18:30:03 +01:00
Matt Willsher
6da7bb1f55 Merge from develop changes 2015-01-04 12:51:40 +00:00
Matt Willsher
398a2f0b93 Remove empty lines, make match array or dict 2014-12-25 12:14:32 +00:00
Matt Willsher
b93f4c48db Add match support 2014-12-25 09:58:55 +00:00
Matt Willsher
b9261337be Ordering issues 2014-12-22 09:41:32 +00:00
Matt Willsher
26a0f5e350 Seperate defaults dict 2014-12-22 09:25:31 +00:00
Matt Willsher
1b5200c805 Improve option rendering, allow per OS defaults 2014-12-21 22:23:02 +00:00
Matt Willsher
c561b6e5f7 Allow overrides, force sftp for Ansible 2014-12-21 20:29:13 +00:00
Matt Willsher
220a5cdb54 Initial commit 2014-12-18 22:12:51 +00:00