ansible-sshd/CHANGELOG.md
Rich Megginson 01b5325438 v0.18.2
2023-04-06 14:28:24 -06:00

12 KiB

Changelog

[v0.18.2] - 2023-04-06

New Features

  • none

Bug Fixes

  • Fedora 38 has no longer non-standard hostkey permissions

Other Changes

  • Fingerprint ansible-sshd managed config files

[v0.18.1] - 2023-01-17

New Features

  • Add support for Alpine OS (#212)
  • Add support for managing selinux and firewall on RHEL-based systems (#211)

Bug Fixes

  • Update tests to not use configuration options available in system defaults (#213)
  • Improve manual pages processing in tests to accommodate Alpine's busybox man (#213)

Other Changes

  • Add a Github action to check for non-inclusive language (#215)

[v0.18.0] - 2022-09-27

New Features

  • Adding support for OpenWrt 21.03

  • Add final version of RequiredRSASize

Keep the old version for backward compatibility

Upstream commit: https://github.com/openssh/openssh-portable/commit/1875042c

Bug Fixes

  • Update source template to match generated files

Other Changes

  • Remove legacy files

  • Update pre-commit plugins to latest

  • Linting fixes

  • keep v prefix in version/tag

Keep the v prefix in the version/tag

[v0.17.0] - 2022-08-31

New Features

  • Make drop-in config file functionality configurable by user

This PR simplifies the logic behind the drop-in config files and also allows the user to use drop-in configs even if the distribution does not support it out of the box.

Bug Fixes

  • Allow user to override variables

A previous commit hardcoded many variables to the values under vars/, making it impossible for the user to parameterize things like the systemd service name. The assumption was that the _sshd* variables were useless in an effort to blindly adhere to best practices, but they were crucial in allowing flexibility to the user.

Other Changes

  • none

[v0.16.1] - 2022-07-28

New Features

  • add parameter RSAMinSize

Add support for the new RSAMinSize parameter.

Bug Fixes

  • Ensure values are cast to correct type

https://github.com/willshersystems/ansible-sshd/issues/188 This shouldn't be necessary, but there seems no way to guarantee using a version of Jinja which doesn't have this problem.

In addition - it is not good practice to compare values to true or false - instead, just ensure the value is a bool type and evaluate in a boolean context.

Other Changes

  • Addition notes about secondary variables
  • Fix various linting issues
  • Revert incorrect module name
  • tests: Do not be picky about spaces/tabs

When testing with cloud-init, it modifies the sshd_configuration and can replace some tabs with whitespaces. This happens frequently around the subsystem keyword. There are no functional changes, but the matching did not work as expected.

Signed-off-by: Jakub Jelen jjelen@redhat.com

  • the role still supports ansible 2.9

  • Add CHANGELOG.md

  • Add changelog_to_tag.yml to .github/workflows

Description: When a new changelog section is added to CHANGELOG.md and pushed, changelog_to_tag.yml is triggered, which generates a new tag and a new release.

[v0.15.1] - 2022-06-02

New Features

  • none

Bug Fixes

  • Remove kvm from virtualization platforms

Other Changes

  • none

[v0.15.0] - 2022-05-10

New Features

  • Unbreak FIPS detection and stabilize failing tests and GH actions
  • Make sure Include is in the main configuration file when drop-in directory is used
  • Make the role FIPS-aware

Bug Fixes

  • Fix runtime directory check condition
  • README: fix meta/make_option_lists link

Other Changes

  • none

[v0.14.1] - 2021-09-23

New Features

  • none

Bug Fixes

  • Use {{ ansible_managed | comment }} to fix multi-line ansible_managed

Other Changes

  • none

[v0.14.0] - 2021-08-18

New Features

  • Drop support for Ansible 2.8 by bumping the Ansible version to 2.9

Bug Fixes

  • none

Other Changes

  • none

[v0.13.2] - 2021-08-18

New Features

  • Add Debian 11 bullseye support

Bug Fixes

  • Fix wrong template file

Other Changes

  • Remove travis configuration and update readme with new badges
  • Add CentOS 6 to CI

[v0.13.1] - 2021-08-03

New Features

  • Add support for RHEL 9 and adjust tests for it

Bug Fixes

  • none

Other Changes

  • none

[v0.13.0] - 2021-06-12

New Features

  • Add configuration options from OpenSSH 8.6p1
  • Rename sshd_namespace_append to sshd_config_namespace
  • Support for appending a snippet to configuration file
  • Update meta data and README
  • use state: absent instead of state: missing
  • [FreeBSD] Add Subsystem to _sshd_defaults
  • UsePrivilegeSeparation is deprecated since 2017/OpenSSH 7.5 - https://www.openssh.com/txt/release-7.5
  • examples: Provide simple example playbook

Bug Fixes

  • Fix variable precedence when invoked through legacy "roles:"
  • Fix issues found by linters - enable all tests on all repos - remove suppressions
  • README: Document missing exported variable

Other Changes

  • Improve test coverage with new test cases and new distros, fixing minor issues on the way

[v0.12.0] - 2020-11-16

New Features

  • none

Bug Fixes

  • none

Other Changes

  • Run tests with Github Actions and fix things on the way

[v0.11.1] - 2020-10-28

New Features

  • none

Bug Fixes

  • none

Other Changes

  • Rename tests to follow best practices and make galaxy linters happy

[v0.11.0] - 2020-10-15

New Features

  • Implement more natural match blocks and test them
  • Support /etc/sysconfig/sshd to override crypto policies and handle more advanced use cases

Bug Fixes

  • README: Fix missing code block termination
  • subsystem appears to be ignored

Other Changes

  • none

[v0.10.2] - 2020-09-24

New Features

  • none

Bug Fixes

  • Remove extra blank line
  • Disable broken ansible-lint-actions
  • Cleanup lint issues, update documentation, fix typos

Other Changes

  • Implement more coherence check tests

[v0.10.1] - 2020-09-23

New Features

  • Use ansible_distribution_major_version in variables
  • Create CODE_OF_CONDUCT.md

Bug Fixes

  • none

Other Changes

  • none

[v0.10.0] - 2020-09-18

New Features

  • Minimum version is now Ansible 2.8
  • exit_host on ansible >= 2.8
  • OpenBSD and ansible_distribution_major_version

Bug Fixes

  • none

Other Changes

  • none

[v0.9.1] - 2020-09-18

New Features

  • none

Bug Fixes

  • none

Other Changes

  • Ubuntu focal, CI updates, code quality improvements

[v0.9.0] - 2020-09-18

New Features

  • Add new options from OpenSSH 8.3p1 including CASignatureAlgorithms

Bug Fixes

  • none

Other Changes

  • none

[v0.8.2] - 2020-03-17

New Features

  • Add Gentoo support with secure sshd defaults

Bug Fixes

  • none

Other Changes

  • none

[v0.8.1] - 2019-11-19

New Features

  • add debian 10 buster support
  • Add vars for openSUSE Leap 15 and CentOS 8

Bug Fixes

  • none

Other Changes

  • none

[v0.8.0] - 2019-07-10

New Features

  • Remove duplicate GatewayPorts
  • AIX support including new AIX handler
  • Updates syntax to Ansible 2.7 era

Bug Fixes

  • none

Other Changes

  • none

[v0.7.6] - 2019-05-23

New Features

  • none

Bug Fixes

  • Travis fixes
  • Resolve lint errors

Other Changes

  • none

[v0.7.5] - 2019-04-29

New Features

  • Remove 'UsePrivilegeSeparation' from Fedora defaults
  • Backup of sshd_config dependent on variable

Bug Fixes

  • none

Other Changes

  • none

[v0.7.4] - 2019-03-03

New Features

  • none

Bug Fixes

  • Fix variable loading.

Other Changes

  • none

[v0.7.3] - 2019-02-20

New Features

  • Make role work with chroot connections on EL 7.

Bug Fixes

  • Remove deprecated options

Other Changes

  • none

[v0.7.2] - 2018-09-11

New Features

  • none

Bug Fixes

  • Fixes bad option in systemd service file

Other Changes

  • none

[v0.7.1] - 2018-09-08

New Features

  • Adds on/off toggle

Bug Fixes

  • none

Other Changes

  • none

[v0.7.0] - 2018-09-07

New Features

  • Adds ability to install a systemd service
  • Add Ubuntu_18.yml
  • Add missing options
  • expose sshd_config template backup option with sshd_backup variable

Bug Fixes

  • none

Other Changes

  • none

[v0.6.2] - 2018-06-16

New Features

  • Add CoreOS support

Bug Fixes

  • none

Other Changes

  • none

[v0.6.1] - 2018-06-05

New Features

  • none

Bug Fixes

  • Amazon var name should be sshd_defaults

Other Changes

  • none

[v0.6.0] - 2018-04-24

New Features

  • Remove Deprecated options in default SSH config
  • Add StreamLocalBindUnlink option
  • Makes handler use listen: option
  • Removes tags
  • change ansible_pkg_mgr for package

Bug Fixes

  • Fix for ansible_virtualization_type not being defined in Ansible > 2.5
  • Fix Arch Linux var file

Other Changes

  • none

[v0.5.1] - 2017-06-24

New Features

  • Add Debian 9 stretch vars

Bug Fixes

  • none

Other Changes

  • none

[v0.5.0] - 2017-05-04

New Features

  • Add note about UsePAM on RHEL 7

Bug Fixes

  • Ansible23 fixes
  • Remove circular symlink in tests dir

Other Changes

  • none

[v0.4.10] - 2017-04-07

New Features

  • none

Bug Fixes

  • Fixed sshd_match blocks

Other Changes

  • none

[v0.4.9] - 2017-03-20

New Features

  • none

Bug Fixes

  • Fix sshd service state

Other Changes

  • none

[v0.4.8] - 2017-02-11

New Features

  • clean Archlinux support to match the current package openssh-7.4p1-2
  • vars: SUSE: Add default variables for SUSE based distributions

Bug Fixes

  • none

Other Changes

  • none

[v0.4.7] - 2016-12-26

New Features

  • Don't fail without package manager

Bug Fixes

  • none

Other Changes

  • none

[v0.4.6] - 2016-10-20

New Features

  • Support for OpenBSD

Bug Fixes

  • none

Other Changes

  • none

[v0.4.5] - 2016-08-03

New Features

  • show xenial support on galaxy

Bug Fixes

  • none

Other Changes

  • none

[v0.4.4] - 2016-04-16

New Features

  • Added ubuntu 16.04 config

Bug Fixes

  • none

Other Changes

  • none

[v0.4.3] - 2016-03-09

New Features

  • none

Bug Fixes

  • fix deprecation warning for sshd_packages

Other Changes

  • Housekeeping

[v0.4.2] - 2016-01-24

New Features

  • none

Bug Fixes

  • Fix for CentOS 6 l_value issue
  • Update example so not to break old SSH versions and add a warning

Other Changes

  • none

[v0.4.1] - 2016-01-11

New Features

  • Fedora HostKey(s)

Bug Fixes

  • none

Other Changes

  • none

[v0.4.0] - 2015-08-25

New Features

  • none

Bug Fixes

  • Do not manage /var/run/sshd on CentOS7 fixes #27

Other Changes

  • none

[v0.3.2] - 2015-07-23

New Features

  • DebianBanner support

Bug Fixes

  • none

Other Changes

  • none

[v0.3.1] - 2015-06-28

New Features

  • Verify SSHd config early
  • Add Fedora support
  • fix type in AcceptEnv for RedHat7

Bug Fixes

  • Fix issues - not reloading with default sshd_allow_reload value

Other Changes

  • none

[v0.3.0] - 2015-06-25

New Features

  • Make the role more container friendly
  • Remove apt role dependency

Bug Fixes

  • fix type in AcceptEnv

Other Changes

  • none

[v0.2.5] - 2015-01-23

New Features

  • none

Bug Fixes

  • Don't install openssh-sftp-server on Debian

Other Changes

  • none

[v0.2.0] - 2015-01-04

New Features

  • none

Bug Fixes

  • none

Other Changes

  • Add precise, move 14.04 to specific configuration
  • Feature/debian defaults
  • Minor typo fixes and add Archlinux support

[v0.1.0] - 2014-12-25

Initial Release