EmyLIEUTAUD
0bc6d8f40b
feat: manage ssh certificates (#252)
* Role configured to accept SSH connection via SSH certificates
* Works with or without principals and ansible-lint updated
* add test for SSH certificates authentication with principals
* Add configuration to run tests for SSH certificates authentication with principals
* tasks to use SSH certificates grouped into one file
* Update README.md
2023-09-11 14:39:03 +01:00
Jakub Jelen
04f056867c
Add support for managing selinux and firewall on RHEL
2023-01-13 10:42:40 +01:00
Nikolaos Kakouros
6bb0d7b456
Makes drop-in functionality configurable by the user
2022-08-26 20:23:51 +00:00
Nikolaos Kakouros
87ed3d4c15
Addresses comments and linters
2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
db39a733aa
Moves internal non-overridable variables out of defaults
2022-08-23 15:18:41 +02:00
Nikolaos Kakouros
4e22a9618d
Fixes un-overrideable public api variables
2022-08-23 15:18:41 +02:00
Jakub Jelen
9c202bd60e
Verify the Include is in main configuration file
... if drop-in file is modified
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-05-10 16:48:22 +02:00
Jakub Jelen
c515ffdf94
Move the common variables to separate file
2022-04-19 17:20:27 +02:00
Jakub Jelen
c1d1cdfeac
Reuse the list of skipped virtualization environments
2022-04-19 17:20:27 +02:00
Jakub Jelen
ff56d75a6e
Update documentation with recent changes
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
860e533713
Introduce default hostkeys to check when using drop-in directory
Previously no hostkeys were checked if they were not present
in the generated configuration file. When the drop-in directory is
used, usually, there are no hostkeys in that file and no sanity
check for hostkeys was executed.
This amends the "auto" value for the hostkeys check to allow checking
for default hostkeys that are read by OpenSSH by default.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-19 17:20:27 +02:00
Jakub Jelen
67fee24ecb
Address review comments (to be squashed)
2021-11-16 15:05:22 +01:00
Jakub Jelen
7f69d1e69a
Filter out Ed25519 keys from default in FIPS mode
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-16 15:05:22 +01:00
Jakub Jelen
8a85e7309b
Rename sshd_namespace_append to sshd_config_namespace
2021-06-11 21:49:31 +02:00
Jakub Jelen
00ad695691
Move defaults to vars/main.yml
2021-06-10 19:53:00 +02:00
Jakub Jelen
e8b751335e
Use proper variable precedence for configuration file variables
2021-06-10 19:53:00 +02:00
Jakub Jelen
345eeed0c0
Fix variable precedence for sshd_hostkey_* variables
This worked fine with the new include_role: invocation, but not with
the old roles: invocation.
2021-06-10 19:53:00 +02:00
Jakub Jelen
380ebd21d9
Support for appending a snippet to configuration file
2021-06-01 16:09:23 +02:00
Jakub Jelen
6b36488299
Check runtime directory for running CI in Debian and Ubuntu
2020-12-11 13:25:19 +01:00
Jakub Jelen
823cd2d055
Fix typos
2020-11-16 11:20:56 +01:00
Jakub Jelen
dd820d1c24
Implement hostkey checks
This is useful during provisioning, when the keys were not generated
by sshd-keygen service or similar principles depending on operating
system.
This is also helpful when running this role in containers, where
there is no service running either.
The keys are generally readable only by root, but in RHEL and Fedora,
they are readable also by group ssh_keys, which is used for hostbased
authentication.
This should fix #111
2020-11-16 11:10:16 +01:00
Jakub Jelen
7741a06714
Document missing configuration variables & sort
as recommended by best practices:
> Every argument accepted from outside of the role should be given
> a default value in defaults/main.yml.
https://github.com/oasis-roles/meta_standards#vars-vs-defaults
2020-11-16 11:10:16 +01:00
Jakub Jelen
f32003f051
Remove set_facts tasks not to pollute global namespace
The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series
https://github.com/oasis-roles/meta_standards#ansible-best-practices
2020-11-06 12:04:41 +01:00
Jakub Jelen
71b3f87308
Add support for sysconfig on Fedora/RHEL
This is useful for opting out from system-wide crypto policy for SSH
or configuring advanced use case (strong RNG seed).
Fixes : #141
2020-10-06 21:11:39 +02:00
Jakub Jelen
f0de8fb16e
Backup old configuration by default as recommended by OASIS
https://github.com/oasis-roles/meta_standards#generating-files-from-templates
2020-09-23 14:49:42 +02:00
Jakub Jelen
2c574fdcba
avoid the use of True and False for boolean values
These are not in yml specification and come from python. Behavior
can differ in particular YAML implementation.
2020-09-23 14:43:40 +02:00
Nikolaos Kakouros
a6a21a9565
Adds on/off toggle
2018-09-08 09:14:39 +02:00
Nikolaos Kakouros
1c511219bf
Updates README
2018-09-07 01:36:35 +02:00
Nikolaos Kakouros
f5c13ee90f
Merge branch 'master' into systemd
2018-08-25 23:48:09 +02:00
Nikolaos Kakouros
5774f7f44f
Adds ability to install a systemd service
2018-08-25 23:39:06 +02:00
Andrew Eason
814fa367d4
expose sshd_config template backup option with sshd_backup
2018-07-27 10:08:17 -04:00
jamatute
f858380070
* defaults typo
2017-08-16 11:11:31 +02:00
Matt Willsher
43ed7c19a2
Fix Ansible 2.3 warnings
2017-05-04 14:31:26 +01:00
Harald Koch
f36d32e833
cleanup Archlinux support to match defaults in current package (openssh-7.4p1-2)
2017-02-11 11:11:18 -05:00
Aleksandr Kostyrev
7daa715bde
Fix sshd_manage_var_run check
2015-08-12 23:29:51 +03:00
Aleksandr Kostyrev
445261a297
Do not manage /var/run/sshd on CentOS7 fixes #27
2015-08-12 18:41:46 +03:00
Matt Willsher
812a1e1267
Fix issues raised in #22
2015-06-28 10:18:45 +01:00
jitakirin
bcd864fea4
Add sshd_manage_service option
Allows disabling management of SSHd service completely, which is handy
when used in a container (where ansible is usually used during build
phase).
2015-06-25 14:54:24 +01:00
Matt Willsher
964496fcd1
Allow reload to be skipped
2015-01-13 17:42:10 +00:00
Matt Willsher
2194672579
Add EL6 defaults
2014-12-22 10:05:09 +00:00
Matt Willsher
26a0f5e350
Separate defaults dict
2014-12-22 09:25:31 +00:00
Matt Willsher
1b5200c805
Improve option rendering, allow per OS defaults
2014-12-21 22:23:02 +00:00
Matt Willsher
c561b6e5f7
Allow overrides, force sftp for Ansible
2014-12-21 20:29:13 +00:00