From: Silvio Rhatto Date: Sat, 19 Mar 2016 13:17:30 +0000 (-0300) Subject: Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshd X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=ff79bc6295e9f089285ccc26c04cc72893a8384f;p=puppet-sshd.git Merge branch 'master' of https://gitlab.com/shared-puppet-modules-group/sshd Conflicts: README templates/sshd_config/CentOS.erb templates/sshd_config/CentOS_Final.erb templates/sshd_config/Debian_etch.erb templates/sshd_config/Debian_jessie.erb templates/sshd_config/Debian_sid.erb templates/sshd_config/Debian_squeeze.erb templates/sshd_config/Debian_wheezy.erb templates/sshd_config/Ubuntu_trusty.erb --- ff79bc6295e9f089285ccc26c04cc72893a8384f diff --cc templates/sshd_config/FreeBSD.erb index 81b7e10,5298ade..40a4caa --- a/templates/sshd_config/FreeBSD.erb +++ b/templates/sshd_config/FreeBSD.erb @@@ -151,11 -152,17 +152,17 @@@ AllowUsers <%= s % AllowGroups <%= s %> <%- end -%> - <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> + <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> + <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> + KexAlgorithms curve25519-sha256@libssh.org + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com + <% else -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> + <% end -%> - <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> + <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? 
-%> <%= s %> <% end -%> diff --cc templates/sshd_config/Gentoo.erb index cdd51d8,022a26e..753e24a --- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb @@@ -147,12 -147,18 +147,18 @@@ AllowUsers <%= s % AllowGroups <%= s %> <%- end -%> - <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> + <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> + <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> + KexAlgorithms curve25519-sha256@libssh.org + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com + <% else -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> + <% end -%> - <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> + <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? -%> <%= s %> <% end -%> diff --cc templates/sshd_config/OpenBSD.erb index ea6e8a8,db73030..aec299c --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@@ -128,11 -128,17 +128,17 @@@ AllowGroups <%= s % # AllowTcpForwarding no # ForceCommand cvs server - <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> + <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> + <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> + KexAlgorithms curve25519-sha256@libssh.org + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com + <% else -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> + <% end -%> - <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? 
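Review bot: In templates/sshd_config/FreeBSD.erb the new `versioncmp(..., '6.5') >= 0` gate has no upper bound, so the fixed `MACs` list is emitted for every later OpenSSH release as well. sshd refuses a config that names an algorithm it does not know, and `hmac-ripemd160` / `hmac-ripemd160-etm@openssh.com` were dropped upstream in a later release (7.6, as far as I recall), so a host upgraded past that point would fail to load the rendered file. I would keep only the SHA-2 and UMAC entries, `MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com`, and have the manifest check the rendered file with `sshd -t` before the service is restarted. The same block is added in the Gentoo, OpenBSD, Ubuntu and Ubuntu_lucid templates.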
-%> + <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? -%> <%= s %> <% end -%> diff --cc templates/sshd_config/Ubuntu.erb index 40040d1,a326ab8..1adb4f2 --- a/templates/sshd_config/Ubuntu.erb +++ b/templates/sshd_config/Ubuntu.erb @@@ -113,11 -117,17 +117,17 @@@ AllowUsers <%= s % AllowGroups <%= s %> <%- end -%> - <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> + <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> + <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> + KexAlgorithms curve25519-sha256@libssh.org + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com + <% else -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> + <% end -%> - <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> + <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? 
-%> <%= s %> <% end -%> diff --cc templates/sshd_config/Ubuntu_lucid.erb index 4d5f640,be7c56d..4d147a2 --- a/templates/sshd_config/Ubuntu_lucid.erb +++ b/templates/sshd_config/Ubuntu_lucid.erb @@@ -114,13 -118,19 +118,19 @@@ AllowUsers <%= s % AllowGroups <%= s %> <%- end -%> - PrintMotd <%= scope.lookupvar('sshd::print_motd') %> + PrintMotd <%= scope.lookupvar('::sshd::print_motd') %> - <% if scope.lookupvar('sshd::hardened_ssl') == 'yes' -%> + <% if scope.lookupvar('::sshd::hardened') == 'yes' -%> + <% if (scope.function_versioncmp([scope.lookupvar('::ssh_version'),'6.5'])) >= 0 -%> + KexAlgorithms curve25519-sha256@libssh.org + Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr + MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com + <% else -%> Ciphers aes256-ctr -MACs hmac-sha1 +MACs hmac-sha2-512 <% end -%> + <% end -%> - <% unless (s=scope.lookupvar('sshd::tail_additional_options')).empty? -%> + <% unless (s=scope.lookupvar('::sshd::tail_additional_options')).empty? -%> <%= s %> <% end -%>
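Review bot: In templates/sshd_config/Ubuntu_lucid.erb the `<% else -%>` branch now emits `MACs hmac-sha2-512` for every sshd older than 6.5, but the SHA-2 MACs only exist from OpenSSH 5.9 onward. Lucid's stock package is older than that (5.3p1, if I remember correctly), so with `sshd::hardened` set to 'yes' the daemon would likely reject the rendered file and remote access would be lost at the next restart. A middle tier avoids that: put `<% elsif scope.function_versioncmp([scope.lookupvar('::ssh_version'),'5.9']) >= 0 -%>` in front of the `Ciphers aes256-ctr` / `MACs hmac-sha2-512` pair and let the final `<% else -%>` fall back to `MACs hmac-sha1`. The other four templates carry the same two-way split and are affected wherever the installed sshd predates 5.9.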