openssh-formula

Author	SHA1	Message	Date
Michael Mol	6229a6d122	Stabily sort matches OpenSSH's Match declarations are applied first-match-wins. However, we can't safely define two Matches that might overlap unless we first sort the keys, as Python (and Jinja) dicts don't guarantee the order of dict keys, We also won't scramble the match sequence every time the user adds, removes or renames a match, and so we give the user clearer, more concise diffs as when they apply changes. Finally, we leave a comment on the Match line identifying where the Match rule came from, to assist in troubleshooting.	2017-06-12 12:08:26 -04:00
Michael Mol	710175799b	Support compound matches Support complex compound matches in Match criteria. For example, be able to match against multiple Users for a given Match, or be able to match against address ranges. Or Groups. Or any combination thereof. Support for matching users can take one of several different appearances in pillar data: sshd_config: matches: match_1: type: User: one_user options: ChrootDirectory: /ex/%u match_2: type: User: - jim - bob - sally options: ChrootDirectory: /ex/%u match_3: type: User: jim: ~ bob: ~ sally: ~ options: ChrootDirectory: /ex/%u Note the syntax of match_3. By using empty dicts for each user, we can leverage Salt's pillar mergine. If we use simple lists, we cannot do this; Salt can't merge simple lists, because it doesn't know what order they ought to be in.	2017-06-12 11:43:46 -04:00
Niels Abspoel	0913827c82	Merge pull request #93 from amendlik/freebsd11-printlastlog PrintLastLog missing in FreeBSD 11.0	2017-06-05 10:22:10 +02:00
Adam Mendlik	1284109335	PrintLastLog missing in FreeBSD 11.0 The fix introduced in 678cc9066cb358b8a436341b4e31b796b4d82a4c suppresses the PrintLastLog directive for FreeBSD 10.3. SSH on FreeBSD 11.0 also does not support PrintLastLog, so this change suppresses it for any version >= 10.3.	2017-06-04 10:33:14 -06:00
Javier Bértoli	c964121b54	Merge pull request #92 from alxwr/master Test config before applying it	2017-05-17 08:14:18 -03:00
Alexander Weidinger	162705c7ce	Test config before applying it	2017-05-17 13:00:06 +02:00
Javier Bértoli	daf5e9464f	Merge pull request #91 from amendlik/freebsd-wheel-group FreeBSD wheel group	2017-04-21 18:52:02 -03:00
Adam Mendlik	7245e1aa32	Add kitchen tests for FreeBSD	2017-04-21 12:00:22 -06:00
Adam Mendlik	0c363d284e	Update tests for compatibility with recent changes Commit 038a51cdc85fe4507eb943bfb16c189538cc144b introduced a change where the sshd_config file is not managed unless the 'sshd_config' pillar variable is defined. The kitchen tests did not define that variable, so they stopped working. This change sets a default value for 'Port' so the file is managed by Salt.	2017-04-21 11:57:01 -06:00
Adam Mendlik	154213560f	Correct typo in .kitchen.yml This change has no impact on the kitchen tests, but only changes a symbolic name from 'openssl' to 'openssh' to avoid confusion.	2017-04-21 11:57:01 -06:00
alxwr	844e96b57b	Merge pull request #88 from alxwr/force_key_length Opt-in to enforce RSA key length	2017-03-07 20:24:34 +01:00
alxwr	9fddb0ea2a	Merge pull request #87 from alxwr/auth_map openssh.auth_map	2017-03-07 20:24:26 +01:00
Alexander Weidinger	6b23b28f52	Opt-in to enforce RSA key length	2017-03-04 14:21:58 +01:00
Alexander Weidinger	674216d0ad	openssh.auth_map	2017-03-04 14:21:53 +01:00
Alexander Weidinger	66c954ed66	Set correct ssh(d)_config_group for *BSD	2017-03-04 14:20:07 +01:00
Niels Abspoel	4ec97eeb28	Merge pull request #86 from amendlik/file-mode Add variables for file owner and mode	2017-02-25 14:47:58 +01:00
amendlik	6d6c7a0ead	Merge branch 'master' into file-mode	2017-02-25 06:40:30 -07:00
Niels Abspoel	044d4d646b	Merge pull request #81 from leansalt/pillar-example-update Add secure defaults to pillar.example + secure sshd_config in defaults.yml #66	2017-02-25 12:30:37 +01:00
Adam Mendlik	b3fd60f016	Test using default permissions for ssh_config	2017-02-24 13:39:59 -07:00
ek9	038a51cdc8	manage sshd_config and ssh_config only if pillars are defined	2017-02-24 21:13:52 +01:00
ek9	c03e29a498	remove Kex,MACs,Ciphers from defaults	2017-02-24 21:13:35 +01:00
ek9	f192b91192	add more verbose warnings regarding ssh_config in pillar.example	2017-02-24 20:17:36 +01:00
Adam Mendlik	613bea2cac	Add variables for file owner and mode	2017-02-23 14:56:22 -07:00
Niels Abspoel	b0afda98ed	Merge pull request #85 from amendlik/test-kitchen Add test-kitchen configuration	2017-02-23 22:52:16 +01:00
Adam Mendlik	14cc19c941	Add test-kitchen configuration	2017-02-23 14:04:27 -07:00
Alexander Weidinger	70461403cb	known_hosts: sort IP addresses in order to prevent unnecessary changes due to random ordering of dig results.	2017-02-23 03:59:40 +01:00
Alexander Weidinger	678cc9066c	PrintLastLog missing in FreeBSD 10.3	2017-02-23 01:19:21 +01:00
ek9	f5a74f3fa0	defaults: enable secure defaults on sshd_config	2017-02-19 14:45:12 +01:00
ek9	ec796662bc	pillar.example: update with secure defaults for sshd_config and ssh_config	2017-02-19 14:44:56 +01:00
ek9	d6e48f2b43	rebase based on latest update	2017-02-07 19:45:59 +01:00
Javier Bértoli	2db9253c45	Merge pull request #82 from pepoluan/allow_list_or_string Allow list or string for some option, and setting of ConfigBanner	2017-02-07 07:26:44 -03:00
Javier Bértoli	893b96d023	Merge pull request #83 from llua/redhat setup sftp correctly on RedHat-like machines	2017-01-24 20:55:17 -03:00
Eric Cook	f4ea96f9c1	setup sftp correctly on RedHat-like machines	2017-01-24 18:17:15 -05:00
Pandu E Poluan	18e1866ac5	Update pillar.example `pillar.example` now contains information on how to use the 'string-or-list' feature for some options. Also an explanation on the new `ConfigBanner` option.	2017-01-24 01:43:04 +07:00
Pandu E Poluan	773d9ae092	Apply string-or-list processing to ssh_config Now ssh_config also accepts string-or-list options, for serveral keywords.	2017-01-24 01:34:24 +07:00
Pandu E Poluan	30648d115e	Add macro to handle string or list Added a macro to handle multivalue options entered in either string format or list format (with auto joiner).	2017-01-24 01:17:51 +07:00
Brian Jackson	b9689cedff	Merge pull request #79 from leansalt/server-service-control Add ability to control SSH server service status (default: on)	2017-01-15 21:48:04 -08:00
Florian Ermisch	bff3e5d199	Merge pull request #80 from llua/use_pam do not set UsePAM on OpenBSD	2017-01-15 12:04:07 +01:00
Eric Cook	686fc2c4ee	do not set UsePAM on OpenBSD Upstream opensshd does not support PAM	2017-01-14 18:38:37 -05:00
Forrest	086937b84f	Merge pull request #76 from freach/master openssh.auth will produce invalid SLS definition if sshd_config configs are missing	2016-11-02 09:06:07 -07:00
Simon Pirschel	1b69ecab2c	fix issue with stripping new line will result in invalid SLS definition if AuthorizedKeysFile is missing in sshd_config	2016-11-02 15:21:50 +01:00
Forrest	0c06e247d5	Merge pull request #75 from freach/master sshd won't start if AddressFamily option is specified	2016-11-01 09:09:49 -07:00
Simon Pirschel	2a1b8fbc66	fix issue sshd won't start if AddressFamily is specified, because it must be defined before ListenAddress	2016-11-01 13:24:30 +01:00
Forrest	ec663a6f5e	Merge pull request #51 from mathieupotier/master Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)	2016-10-31 09:32:50 -07:00
Forrest	263575e57e	Merge pull request #74 from llua/arch_sftp fix Subsystem directive on archlinux	2016-10-29 21:15:46 -07:00
Eric Cook	51fd8b1391	fix Subsystem directive on archlinux	2016-10-30 00:06:02 -04:00
Forrest	8c1d02f249	Merge pull request #73 from omltorg/updated_archlinux_pkg_name Update name of package containing dig on ArchLinux	2016-10-14 16:17:59 -07:00
omltorg	de66dbee97	Update name of package containing dig on ArchLinux	2016-10-14 22:25:56 +00:00
Forrest	8d1e730907	Merge pull request #72 from kyrias/AuthKeysCmd Add AuthorizedKeysCommand support	2016-10-02 11:59:37 -07:00
Johannes Löthberg	a74d859992	Add AuthorizedKeysCommand to pillar.example Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>	2016-10-02 10:37:11 +02:00

1 2 3 4 5

202 Commits