Jakub Jelen
ec0f975ce3
EL7 main service file requires mandatory environment file
Note that this is not the case for the instantiated, which is in sync
with everything else.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-02-15 16:57:48 +01:00
Jakub Jelen
f6ae2094fe
Update service/socket files to match main OS's defaults
Specifics:
* Debian 12 no longer has the instantiated service using inet, see the
following commit:
0dc73888bb
* I am not matching the Description tag verbosely as I do not find it
crucial for functionality.
* We generate additional -f switch to the sshd CLI pointing to the main
sshd config we manage
* The Before=sshd.service in the socket is not generated as I find it
unnecessary when we conflict the service.
* Recent Ubuntu versions have RuntimeDirectoryPreserve option, which I
set for all Ubuntu/Debian as it should not hurt.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-01-22 16:41:33 +01:00
Jakub Jelen
350a0e562b
fix: Avoid creation of runtime directories in home (#265)
2023-10-30 13:27:37 +00:00
EmyLIEUTAUD
0bc6d8f40b
feat: manage ssh certificates (#252)
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
2023-09-11 14:39:03 +01:00
Jakub Jelen
039aa32606
feat: Add missing configuration options available in Match block
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-06-15 15:56:48 +02:00
Jakub Jelen
484da0584b
feat: Add new options from OpenSSH 9.3
This version is now available in Alpine.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-06-15 15:56:48 +02:00
Jakub Jelen
a3065d070c
Make sure the list options are correctly indented
Inspired by similar issue reported and fixed in ssh client role
https://github.com/linux-system-roles/ssh/pull/80/
This won't work in RHEL6 (not allowed AcceptEnv in match blocks) so just
skip it here.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2023-04-14 19:01:19 +02:00
Noriko Hosoi
3bc81d9f97
Fingerprint ansible-sshd managed config files
- Add repo and role name to the generated config files.
# willshersystems:ansible-sshd
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
2023-03-29 10:30:06 -07:00
Jakub Jelen
1c4197e341
Add configuration options from EL7
2022-09-27 22:32:57 +02:00
Jakub Jelen
ddb286111f
Add missing configuration options from EL8
2022-09-27 22:32:57 +02:00
Jakub Jelen
1cf57fe318
Document internal __sshd_runtime_directory variable and use it in the service files
2022-09-27 22:32:57 +02:00
Jakub Jelen
1ae6284951
Add final version of RequiredRSASize
Keep the old version for backward compatibility
Upstream commit:
https://github.com/openssh/openssh-portable/commit/1875042c
2022-09-27 22:22:58 +02:00
Nikolaos Kakouros
6bb0d7b456
Makes drop-in functionality configurable by the user
2022-08-26 20:23:51 +00:00
Rich Megginson
67d2339f03
Ensure values are cast to correct type
https://github.com/willshersystems/ansible-sshd/issues/188
This shouldn't be necessary, but there seems no way to
guarantee using a version of Jinja which doesn't have this
problem.
In addition - it is not good practice to compare values to
`true` or `false` - instead, just ensure the value is a `bool`
type and evaluate in a boolean context.
2022-08-16 08:36:57 +02:00
Rich Megginson
1bc8395ea8
Add parameter RSAMinSize to Match blocks
This is a follow-on to https://github.com/willshersystems/ansible-sshd/pull/194
The previous PR added RSAMinSize as an option for the "body" of the
config file, but not for Match blocks.
2022-07-28 15:43:35 -06:00
Rich Megginson
6c0ff316af
add parameter RSAMinSize
Add support for the new RSAMinSize parameter.
2022-07-21 15:35:57 -06:00
Jakub Jelen
9c202bd60e
Verify the Include is in main configuration file
... if drop-in file is modified
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
295f1930d4
Update templates to apply FIPS hostkeys filter
This fixes up the commit 7f69d1e6
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Sergei Petrosian
44a7d8fb20
Use {{ ansible_managed | comment }} to fix multi-line ansible_managed
BZ#2006230, BZ#2006231, BZ#2006233
2021-09-21 12:44:12 +02:00
Jakub Jelen
c4db22f16d
Add configuration options from OpenSSH 8.6
2021-06-12 08:31:10 +02:00
Jakub Jelen
3e9d408015
Remove boolean comparison and regenerate templates
2021-06-01 16:09:23 +02:00
Jakub Jelen
380ebd21d9
Support for appending a snippet to configuration file
2021-06-01 16:09:23 +02:00
Matt Willsher
62ae5d7856
Merge branch 'master' into crypto-policies
2020-10-15 10:02:03 +01:00
Jakub Jelen
e31592899c
Allow listing match blocks in more natural manner
2020-10-08 18:11:00 +02:00
Jakub Jelen
71b3f87308
Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide crypto policy for SSH
or configuring advanced use case (strong RNG seed).
Fixes: #141
2020-10-06 21:11:39 +02:00
Jakub Jelen
b9fb457d2b
Add missing configuration options from current OpenSSH 8.3p1 (Fedora 32)
Fixes #125
2020-09-14 18:30:20 +02:00
Matt Willsher
3c32998957
Remove duplicate GatewayPorts
2019-07-10 19:41:32 +01:00
Nikolaos Kakouros
d3d04cfdd7
Fixes bad option in systemd service file
2018-09-11 00:21:01 +02:00
Nikolaos Kakouros
f5c13ee90f
Merge branch 'master' into systemd
2018-08-25 23:48:09 +02:00
Nikolaos Kakouros
5774f7f44f
Adds ability to install a systemd service
2018-08-25 23:39:06 +02:00
Bob Vincent
3aa2d17876
Regenerate templates/sshd_config.j2 from meta files.
2018-08-17 11:54:45 -04:00
Tim Fletcher
4f0be6f5e7
Add StreamLocalBindUnlink option
This option removes existing Unix-domain socket files before they are
used for forwarding targets.
Need to support gpg-agent forwarding with systemd
2018-03-17 15:44:58 +01:00
Troy Fontaine
c6926634af
Fixed sshd_match blocks
2017-04-06 20:37:21 -05:00
Matt Willsher
c42662efa9
Use @luto solution
Simple and just works!
2016-01-24 15:49:54 +00:00
Matt Willsher
03ce63e664
Conditionally set value = undefined to avoid trigger lvalue issue on CentOS 6
2016-01-24 12:37:58 +00:00
Matt Willsher
90992da436
Check that value is defined before calling render macro
2016-01-24 10:33:24 +00:00
Matt Willsher
125f8ae4f1
Add DebianBanner option
2015-07-23 18:30:03 +01:00
Matt Willsher
6da7bb1f55
Merge from develop changes
2015-01-04 12:51:40 +00:00
Matt Willsher
398a2f0b93
Remove empty lines, make match array or dict
2014-12-25 12:14:32 +00:00
Matt Willsher
b93f4c48db
Add match support
2014-12-25 09:58:55 +00:00
Matt Willsher
b9261337be
Ordering issues
2014-12-22 09:41:32 +00:00
Matt Willsher
26a0f5e350
Separate defaults dict
2014-12-22 09:25:31 +00:00
Matt Willsher
1b5200c805
Improve option rendering, allow per OS defaults
2014-12-21 22:23:02 +00:00
Matt Willsher
c561b6e5f7
Allow overrides, force sftp for Ansible
2014-12-21 20:29:13 +00:00
Matt Willsher
220a5cdb54
Initial commit
2014-12-18 22:12:51 +00:00