-
Notifications
You must be signed in to change notification settings - Fork 30
/
CHANGELOG
540 lines (427 loc) · 22.7 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
* Tue Oct 01 2024 Steven Pritchard <[email protected]> - 6.20.0
- Update metadata upper bounds for puppet-augeasproviders_ssh and puppet-selinux
* Fri Sep 13 2024 Steven Pritchard <[email protected]> - 6.19.0
- [puppetsync] Update module dependencies to support simp-iptables 7.x
* Wed Jul 10 2024 Steven Pritchard <[email protected]> - 6.18.2
- Fix calls to `FileUtils.mkdir_p` to work on Ruby 3
* Tue Jun 18 2024 Rick Gardner <[email protected]> - 6.18.1
- Fixed custom fact on windows bug
* Wed Feb 07 2024 Mike Riddle <[email protected]> - 6.18.0
- [puppetsync] Update metadata upper bounds for puppet-nsswitch, puppet-gitlab, puppet-snmp, simp-pam, and simp-useradd
* Wed Dec 06 2023 Mike Riddle <[email protected]> - 6.17.1
- The module will now correctly handle a situation where /etc/localtime doesn't exist
* Mon Oct 23 2023 Steven Pritchard <[email protected]> - 6.17.0
- [puppetsync] Add EL9 support
* Wed Oct 18 2023 Steven Pritchard <[email protected]> - 6.16.1
- Replace calls to `File.exists?` with `File.exist?` for compatibility with
Ruby 3
* Wed Oct 11 2023 Steven Pritchard <[email protected]> - 6.16.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
* Thu Sep 07 2023 Steven Pritchard <[email protected]> - 6.15.0
- Add AlmaLinux 8 support
* Mon Jun 12 2023 Chris Tessmer <[email protected]> - 6.14.0
- Add RockyLinux 8 support
* Sat Oct 15 2022 Trevor Vaughan <[email protected]> - 6.13.1
- Remove unnecessary augeasproviders_core module dependency
* Mon Nov 29 2021 Mike Riddle <[email protected]> - 6.13.0
- Added an option to turn off managing the AuthorizedKeysFile parameter
in /etc/ssh/sshd_config
* Thu Jun 17 2021 Chris Tessmer <[email protected]> - 6.12.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
* Tue Apr 20 2021 Liz Nemsick <[email protected]> - 6.12.0
- Update to augeasproviders_ssh < 5.0.0
* Tue Apr 20 2021 Liz Nemsick <[email protected]> - 6.11.2
- Fixed a bug where some changes to sshd configuration did not cause the
sshd service to restart.
- `sshd_config` resources created by `ssh::add_sshd_config()` did not
notify `Service[sshd]`.
- Fixed a bug that caused a compilation error when
`ssh::conf::ensure_sshd_packages` was set to `true`.
- Removed sshd configuration logic pertaining to OpenSSH versions used
in EL6.
* Tue Mar 02 2021 Jeanne Greulich <[email protected]> - 6.11.2
- Updated server::conf to include the voxpupuli selinux module when
calling selinux_port. This will ensure the packages that selinux_port
needs are installed.
- Added memory to the testing nodesets for EL8 because running selinux_port
was giving an out of memory error.
* Fri Feb 19 2021 Jeanne Greulich <[email protected]> - 6.11.2
- Openssh dropped support for SSH protocol 1 in version 8.0.
EL8 installs openssh v8 by default.
This fix checks the version of openssh when creating ssh_config host
entries and removes those values that are no longer used.
* Wed Jan 13 2021 Chris Tessmer <[email protected]> - 6.11.2
- Removed EL6 from supported OSes
* Wed Nov 25 2020 Trevor Vaughan <[email protected]> - 6.11.2
- No longer set HostKeyAlgorithms on the client configuration by default
* Thu Nov 19 2020 Trevor Vaughan <[email protected]> - 6.11.1-0
- Migrate to the updated version of simp/selinux that allows for isolated
package installation in support of the SELinux native types.
- Allow users to use the 'puppet/selinux' module instead of SIMP components.
* Tue Jul 07 2020 Trevor Vaughan <[email protected]> - 6.11.0-0
- Fix EL8 support when setting server::conf::manage_pam_sshd to `true`
- Remove dependency on the simp/sssd module
- Ensure that the sssd-common package is installed if required and allow the
user to disable this if necessary
- Remove the Puppet 3 functions that were marked as deprecated in 2017
* Wed Feb 19 2020 Trevor Vaughan <[email protected]> - 6.10.0-0
- Added EL8 support
- Ensure that UsePrivilegeSeparation is removed from sshd_config on platforms
that do not support it
* Thu Oct 24 2019 Liz Nemsick <[email protected]> - 6.9.0-0
- Added two `ssh::server::conf` parameters to allow users to ensure
specific sshd configuration is removed from sshd_config:
- `ssh::server::conf::remove_entries`
- `ssh::server::conf::remove_subsystems`
- Allow use of simp-simplib 4.X.
* Fri Oct 18 2019 Kendall Moore <[email protected]> - 6.9.0-0
- Updated the default Tunnel setting to 'no' in ssh_config to match the man page
* Tue Aug 06 2019 Michael Morrone <michael.morrone@@onyxpoint.com> - 6.8.1-0
- Removed ensure from policycoreutils-python in server config for
multiple port support to elimate duplicate declaration
* Tue Jul 30 2019 Trevor Vaughan <[email protected]> - 6.8.0-0
- Add multiple port support
- The ssh::server::conf::port entry can now take an Array of ports
- `selinux_port` resources are created for each non-standard entry
- Update the required version of simp-beaker-helpers to work around Highline
issues in the compliance acceptance tests.
* Mon Jun 03 2019 Steven Pritchard <[email protected]> - 6.8.0-0
- Add v2 compliance_markup data
- Add support for puppetlabs-stdlib 6
* Wed May 29 2019 Trevor Vaughan <[email protected]> - 6.7.1-0
- Replace calls to 'system' with Puppet::Execution.execute in the ssh_autokey
and ssh::autokeys functions.
* Mon Apr 29 2019 Trevor Vaughan <[email protected]> - 6.7.0-0
- Switched to selinux_port type for alternate SSH ports
- Added the ability for users to set custom sshd config entries via a Hash in
Hiera.
- Made ListenAddress optional and documented EL6 bug
* Tue Apr 16 2019 Zach <[email protected]> - 6.7.0-0
- Add OATH support
* Thu Apr 11 2019 Bob Vincent <[email protected]> - 6.7.0-0
- Added support for the following SSH server configuration parameters:
- AllowGroups
- AllowUsers
- DenyGroups
- DenyUsers
- LoginGraceTime
- LogLevel
- MaxAuthTries
* Tue Apr 09 2019 Joseph Sharkey <[email protected]> - 6.7.0-0
- Remove Elasticsearch and Grafana
- Updated tests in support of puppet6, and removed puppet4 support
* Tue Mar 19 2019 Liz Nemsick <[email protected]> - 6.6.1-0
- Use Puppet String in lieu of simplib's deprecated Puppet 3 to_string
- Use simplib::nets2ddq in lieu of deprecated Puppet 3 nets2ddq
* Mon Mar 04 2019 Liz Nemsick <[email protected]> - 6.6.0-0
- Expanded the upper limit of the stdlib Puppet module version
- Updated URLs in the README.md
* Tue Dec 04 2018 Jeanne Greulich <[email protected]> - 6.6.0-0
- Fix bug in which the sshd 'Subsystem' configuration specified by
ssh::server::conf::subsystem was erroneously stripped of whitespace
* Thu Nov 15 2018 Nick Miller <[email protected]> - 6.6.0-0
- Added a new class, ssh::authorized_keys, that consumes a hash of ssh pubkeys
- Users are meant to be able to paste the output of their pubkey into hiera
- Arrays and hashes work too, though the hash option is not as smart as the
others
- Update README with a section on it
- Add REFERENCE.md
* Fri Oct 26 2018 Adam Yohrling <[email protected]> - 6.5.1-0
- Add ssh_host_keys fact to gather configured `hostkey` values
from sshd
- Loop through all hostkeys and manage permissions for security and
compliance
* Fri Oct 12 2018 Nick Miller <[email protected]> - 6.5.0-0
- Added the following package ensure parameters
- $ssh::client::package_ensure
- $ssh::server::server_ensure
- $ssh::server::ldap_ensure
- Changed the defaults for all package ensures from 'latest' to the following:
- `simp_options::package_ensure` when that parameter is present
- 'installed' otherwise
* Thu Oct 11 2018 Zach <[email protected]> - 6.5.0-0
- Altered 00_default_spec.rb to stop deleting all ssh keys in test
- Replaced puppet_environment with puppet_collection in nodesets
* Tue Sep 11 2018 Nicholas Markowski <[email protected]> - 6.5.0-0
- Updated $app_pki_external_source to accept any string. This matches the
functionality of pki::copy.
* Wed Aug 29 2018 Trevor Vaughan <[email protected]> - 6.4.4-0
- Added a Ssh::PermitRootLogin data type
- Updated tests
- Added a check to fail on EL6 if 'prohibit-password' is set since it is not
allowed on that platform.
* Thu Aug 23 2018 Adam Yohrling <[email protected]> - 6.4.4-0
- Added support for Oracle Linux
- Added support for Puppet 5
* Mon Aug 20 2018 Bryan Howard <[email protected]> - 6.4.4-0
- PermitRootLogin accepts more values than 'yes' and 'no'. Add
support for 'without-password', 'prohibit-password', and
'forced-commands-only'.
- It was not possible to set PasswordAuthentication to 'no'
because the conditional treated false the same as undef, which are
intended to be different.
* Thu Aug 16 2018 Liz Nemsick <[email protected]> - 6.4.3-0
- By default, do not specify the obsolete RhostsRSAAuthentication
configuration parameter in sshd_config on systems running openssh 7.4
or later. Beginning with openshh 7.4, sshd emits an error message when
this parameter is present in sshd_config.
* Thu May 03 2018 Jeanne Greulich <[email protected]> - 6.4.2-0
- Added some variables for sshd_config to meet STIG requirements.
Most are just confirmation of defaults with the exception of
ClientAliveInterval and ClientAliveMaxCount which have
been set to activate Client Alive checks.
- Added compliance tests to install setting from compliance
markup module and then run inspec tests to check for compliance.
- Update version range of auditd dependency in metadata.json
* Wed Mar 14 2018 Chris Tessmer <[email protected]> - 6.4.1-0
- Removed unused Augeas lens `sshd.aug`
* Mon Mar 05 2018 Chris Tessmer <[email protected]> - 6.4.0-0
- Re-implemented `ssh::client::host_config_entry` using `ssh_config`:
- Users can now customize additional SSH client options
- Customizing ssh_config is consistent with sshd_config
- Tweaked Augeas lens `ssh.aug` to handle `HostKeyAlgorithms` correctly
- No change to the module's API
- Removed concat + .erb templates from old implementation
- Fixed idempotency bug with `/var/empty/sshd/etc/localtime`
- Removed vestigial SIMP-1143 workaround from acceptance tests
- Fixed errors in README.md
- Ciphers and Usage sections rewritten and verified, with tests
- Added new environment variable `SIMP_SSH_report_dir` to acceptance tests
to validate ciphers in README
- Documented solution to SIMP-4440 and added acceptance test
- Removed cruft:
- Removed grub from metadata.json and .fixtures.yml because nothing uses it
- Removed NSCD-related cruft (/etc/pam_ldap.conf) from ancient ldap code
* Mon Feb 12 2018 Liz Nemsick <[email protected]> - 6.3.0-0
- Update upperbound on puppetlabs/concat version to < 5.0.0
* Fri Jan 19 2018 Nick Miller <[email protected]> - 6.3.0-0
- If the host has joined an IPA domain, set
GSSAPIAuthentication to 'yes' in the ssh server and client
configuration files.
* Wed Aug 30 2017 Trevor Vaughan <[email protected]> - 6.2.1-0
- Update to augeasproviders_grub 3
* Fri Aug 18 2017 Liz Nemsick <[email protected]> - 6.2.1-0
- Update concat version in metadata.json & build/rpm_metadata/requires
* Tue Jun 20 2017 Liz Nemsick <[email protected]> - 6.2.0-0
- Convert internally-used Puppet 3 functions to Puppet 4
- ssh_config_bool_translate is now ssh::config_bool_translate
- ssh_format_host_entry_for_sorting now ssh::format_host_entry_for_sorting
- Create Puppet 4 versions of externally-used Puppet 3 functions and
mark the Puppet 3 functions as deprecated. They will be removed in
a later release.
- ssh_autokey should be replaced with ssh::autokey
- ssh_global_known_hosts should be replaced with ssh::global_known_hosts
* Tue Mar 28 2017 Nicholas Hughes - 6.1.0-0
- Set permissions back to what the RPM sets and security scans expect
- /etc/ssh/moduli
- /var/empty/sshd
- /var/empty/sshd/etc
- /var/empty/sshd/etc/localtime
* Thu Mar 23 2017 Trevor Vaughan <[email protected]> - 6.1.0-0
- Reverted 'ssh::server::conf::trusted_nets' to 'ALL' by default to prevent
lockouts from cloud systems
* Mon Mar 20 2017 Liz Nemsick <[email protected]> - 6.0.1-0
- move passgen to Puppet[:vardir]
* Thu Mar 9 2017 Dylan Cochran <[email protected]> - 6.0.1-0
- Remove some utf-8 smart quotes that were accidentally added to
host_config_entry.pp
* Thu Feb 23 2017 Nick Miller <[email protected]> - 6.0.1-0
- Changed the default UsePrivilegeSeparation setting in sshd_config to use the
vendor default of 'sandbox'
- Changed the default value of simp_options::trusted_nets to ['ALL'] to prevent
permanent lockouts when a console isn't available.
* Thu Jan 19 2017 Nick Markowski <[email protected]> - 6.0.0-0
- Updated pki scheme, application certs now managed in
/etc/pki/simp_apps/sshd/x509
* Tue Jan 10 2017 Trevor Vaughan <[email protected]> - 6.0.0-0
- Updated to use CTR ciphers instead of CBC as a fallback
* Tue Dec 20 2016 Liz Nemsick <[email protected]> - 6.0.0-0
- Use simp_options module for global catalysts
- Use strongly typed parameters
- Rename defined type ssh::client::add_entry to ssh::client::host_config_entry
* Wed Nov 23 2016 Jeanne Greulich <[email protected]> - 5.0.0-0
- Fix dependencies for simp 6 bump
* Mon Nov 21 2016 Chris Tessmer <[email protected]> - 5.0.0-0
- Updated to compliance_markup version 2
* Wed Nov 16 2016 Liz Nemsick <[email protected]> - 5.0.0-0
- Updated iptables dependency version
* Wed Oct 12 2016 Trevor Vaughan <[email protected]> - 5.0.0-0
- Updated to use the version of 'simpcat' that does not conflict with
'puppetlabs/concat'.
* Fri Sep 30 2016 Chris Tessmer <[email protected]> - 4.1.12-0
- Fixed dependencies in `metadata.json` prior to a Forge push.
* Wed Sep 28 2016 Chris Tessmer <[email protected]> - 4.1.11-0
- Fix Forge `haveged` dependency name
* Tue Sep 06 2016 Nick Markowski <[email protected]> - 4.1.10-0
- Modified AuthorizedKeysCommand to be /usr/bin/sss_ssh_authorizedkeys
if sssd is enabled.
* Thu Aug 04 2016 Nick Miller <[email protected]> - 4.1.9-0
- Updated rpm requires to properly expire old versions
* Mon Jul 11 2016 Trevor Vaughan <[email protected]> - 4.1.8-0
- Migration to semantic versioning and fix of the build system
* Tue Jul 05 2016 Nick Miller <[email protected]> - 4.1.7-0
- The defaults for use_iptables and use_ldap will now follow the global
catalysts. Updated acceptance tests.
* Thu Jun 30 2016 Nick Markowski <[email protected]> - 4.1.6-0
- Use_haveged is now a global catalyst.
* Wed Jun 22 2016 Nick Markowski <[email protected]> - 4.1.5-0
- Pupmod-haveged now included by default to assist with entropy generation.
* Tue Jun 07 2016 Nick Markowski <[email protected]> - 4.1.4-0
- The openssh_version fact is now compatible with ruby 1.8.7.
* Sat May 21 2016 Trevor Vaughan <[email protected]> - 4.1.4-0
- Ensure that we set the proper SELinux port connection options for sshd if
using a non-standard port.
* Wed Apr 20 2016 Nick Markowski <[email protected]> - 4.1.3-0
- Created an openssh_version fact.
- Modified kex algorithm set:
- No longer set kex prior to openssh v 5.7
- Curve25519 kex only set in openssh v 6.5+
* Tue Mar 22 2016 Nick Markowski <[email protected]> - 4.1.2-0
- Openssh-ldap is no longer installed when use_sssd is true.
* Sat Mar 19 2016 Trevor Vaughan <[email protected]> - 4.1.1-0
- Migrated use_simp_pki to a global catalyst.
* Mon Mar 14 2016 Nick Markowski <[email protected]> - 4.1.0-15
- Ensure that EL6.7+ uses SSSD over NSCD
* Thu Feb 25 2016 Ralph Wright <[email protected]> - 4.1.0-14
- Added compliance function support
* Mon Jan 18 2016 Carl Caum <[email protected]> - 4.1.0-13
- Removed empty logic block that was causing compilation errors in Puppet 4.
* Wed Dec 09 2015 Nick Markowski <[email protected]> - 4.1.0-12
- CCE-3660-8 compliance. Do not allow empty ssh passwords.
* Fri Dec 04 2015 Chris Tessmer <[email protected]> - 4.1.0-12
- Replaced all 'lsb*' facts with their (package-independent)
'operatingsystem*' counterparts.
- Moved parameter validation to the top of each class.
* Fri Nov 20 2015 Trevor Vaughan <[email protected]> - 4.1.0-11
- Updated the code to work around a bug in the OpenSSH client where FIPS mode
fails if the 'Cipher' parameter is present in /etc/ssh/ssh_config
* Mon Nov 09 2015 Chris Tessmer <[email protected]> - 4.1.0-11
- migration to simplib and simpcat (lib/ only)
* Fri Sep 18 2015 Nick Markowski <[email protected]> - 4.1.0-10
- Updated the ssh client ciphers to match the ssh server ciphers.
* Wed Jul 29 2015 Trevor Vaughan <[email protected]> - 4.1.0-9
- Incorporated the updated SSH Augeas Lenses
- Created a sub-rpm for the lenses to account for the modified license terms
- Added support for default KexAlgorithms
- Added sensible defaults for the SSH server in both FIPS and non-FIPS mode
- Note: I have not yet tested these in FIPS enforcing mode so adjustments may
need to be made
* Fri Feb 20 2015 Trevor Vaughan <[email protected]> - 4.1.0-8
- Added support for the new augeasproviders_ssh module
- Migrated to the new 'simp' environment.
* Fri Feb 06 2015 Trevor Vaughan <[email protected]> - 4.1.0-7
- Made all of the custom functions environment aware
- Enhanced the ssh_keygen function to return private keys if so instructed
since we can use that to eradicate some automatically generated cruft in the
module spaces.
- Changed puppet-server requirement to puppet
* Fri Dec 19 2014 Trevor Vaughan <[email protected]> - 4.1.0-6
- Added a function, ssh_format_host_entry_for_sorting, that is explicitly for
use by the concat_fragment part of ssh::client::add_entry. It handles proper
sorting order when wildcards and question marks are used.
* Sun Jun 22 2014 Kendall Moore <[email protected]> - 4.1.0-5
- Removed all non FIPS compliant ciphers from ssh server and client configs.
* Thu Jun 19 2014 Trevor Vaughan <[email protected]> - 4.1.0-5
- Added support for the 'AuthorizedKeysCommandUser' in sshd_config
since this is now required in RHEL >= 7.
* Thu Jun 05 2014 Nick Markowski <[email protected]> - 4.1.0-4
- Set compression off in sshd_config by default.
* Thu May 22 2014 Trevor Vaughan <[email protected]> - 4.1.0-3
- Fixed a resource chaining issue with /etc/ssh/ldap.conf. The source
had not been declared properly so the dependency chain was not being
enforced.
* Fri Apr 11 2014 Kendall Moore <[email protected]> - 4.1.0-2
- Refactored manifests and removed singleton defines for puppet 3 and
hiera compatibility.
- Added spec tests.
- Added function sshd_config_bool_translate to translate booleans into yes/no variables.
* Sun Apr 06 2014 Trevor Vaughan <[email protected]> - 4.1.0-2
- Added hooks for various top-level variables for increased configuration
flexibility.
* Tue Jan 28 2014 Kendall Moore <[email protected]> 4.1.0-1
- Update to remove warnings about IPTables not being detected. This is a
nuisance when allowing other applications to manage iptables legitimately.
- Removed the management of most variables by default from ssh::server::conf.
The remainder are now managed by an sshd augeas provider.
- ALL supported variables are now settable via extdata as
ssh::server::conf::<varname>
- This means that you can easily manipulate any variable as well as setting
those that are not natively managed using the augeas provider.
- This work was done for supporting OpenShift
* Thu Jan 02 2014 Trevor Vaughan <[email protected]> - 4.1.0-0
- AVC errors were being generated due to the /etc/ssh/ldap.conf file
being a symlink. This is now copied directly from /etc/pam_ldap.conf
instead of linked.
* Mon Oct 07 2013 Kendall Moore <[email protected]> - 4.0.0-2
- Updated all erb templates to properly scope variables.
* Wed Sep 25 2013 Trevor Vaughan <[email protected]> - 4.0.0-1
- Added the ability to modify the hosts that can connect to sshd via
IPTables using a client_nets variable.
* Thu May 02 2013 Trevor Vaughan <[email protected]> - 4.0.0-0
- Changed all localtime symlinks to file copies since SELinux does not like
symlinks in these cases.
* Tue Apr 16 2013 Nick Markowski <[email protected]> - 2.0.0-9
- All ssh public key authentication now directly uses LDAP.
- Added ldap.conf to /etc/ssh.
- Added openssh-ldap rpm and authorizedkeyscommand wrapper to template.
- SSH fully manages /etc/ssh/local_keys.
* Mon Dec 10 2012 Maintenance
2.0.0-8
- Created a Cucumber test to ensure that the SSH daemon is running.
- Created a Cucumber test which creates a temporary user, and ensures
that they can SSH into the puppet server.
* Thu Nov 08 2012 Maintenance
2.0.0-7
- The ssh_global_known_hosts function now automatically deletes any short name
key files that conflict with a long name file prior to manipulating the
catalog.
* Fri Jul 20 2012 Maintenance
2.0.0-6
- Added a custom type 'sshkey_prune' that, given a target file, prunes all ssh
keys that Puppet doesn't know about.
- Updated the ssh_global_known_hosts function to expire old keys after 7 days
by default. Users may specify their own number of expire days or set to 0 to
never expire any keys.
* Wed Apr 11 2012 Maintenance
2.0.0-5
- Fixed bug with ssh_global_known_hosts such that it uses
'host_aliases' instead of 'alias' since the latter has be
deprecated.
- Moved mit-tests to /usr/share/simp...
- Updated pp files to better meet Puppet's recommended style guide.
* Fri Mar 02 2012 Maintenance
2.0.0-4
- Added the CBC ciphers back to the SSH server default config since
their absence was causing issues with various scripting languages.
- Reformatted against the Puppet Labs style guide.
- Improved test stubs.
* Mon Dec 26 2011 Maintenance
2.0.0-3
- Updated the spec file to not require a separate file list.
* Tue May 31 2011 Maintenance - 2.0.0-2
- Set PrintLastLog to 'no' by default since this is now handled by PAM.
- Removed CBC ciphers from the client and server.
- No longer enable X11 forwarding on SSH servers by default.
- Reduce the acceptable SSH cipher set to AES without CBC.
* Fri Feb 11 2011 Maintenance - 2.0.0-1
- Changed all instances of defined(Class['foo']) to defined('foo') per the
directions from the Puppet mailing list.
- Updated to use concat_build and concat_fragment types.
* Tue Jan 11 2011 Maintenance
2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
* Tue Oct 26 2010 Maintenance - 1-2
- Converting all spec files to check for directories prior to copy.
* Wed Jun 30 2010 Maintenance
1.0-1
- /etc/ssh/ssh_known_hosts is now collected from all puppet managed hosts
without using stored configs.
* Tue May 25 2010 Maintenance
1.0-0
- Code refactoring.