confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity

Merge branch 'jenkins-build-27' into 'master'

Browse Source 
Auto-merge for build 27

See merge request puppet/confdroid_ssh!27
This commit is contained in:
Jenkins
2026-04-14 09:50:15 +00:00
parent ca0ec2bb84 5f6b9d8b99
commit 01611b4b43
5 changed files with 46 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/puppet_classes/confdroid_ssh_3A_3Amain_3A_3Adirs.html
View File

@@ -141,7 +141,7 @@ class confdroid_ssh::main::dirs (
path => $ssh_etc_path,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
@@ -152,7 +152,7 @@ class confdroid_ssh::main::dirs (
ensure => directory,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,

44
doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
View File

@@ -532,7 +532,7 @@
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
@@ -568,7 +568,7 @@
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
@@ -1168,6 +1168,24 @@
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is none, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.</p>
</div>
</li>
<li>
<span class='name'>ssh_login_grace_time</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;2m&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is 2m, which means that users have 2 minutes to successfully authenticate before the server disconnects them, but can be set to a different time interval if desired. This setting can be used to limit the amount of time that attackers have to attempt to brute-force authentication, but should be set to a reasonable value to avoid disconnecting legitimate users who may need more time to log</p>
</div>
</li>
@@ -1183,12 +1201,6 @@
<pre class="lines">
194
195
196
197
198
199
200
201
202
@@ -1269,10 +1281,17 @@
277
278
279
280</pre>
280
281
282
283
284
285
286
287</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 194</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 200</span>
class confdroid_ssh::params (
@@ -1289,6 +1308,7 @@ class confdroid_ssh::params (
Boolean $ssh_manage_config = true,
String $ssh_address_family = &#39;any&#39;,
String $ssh_listen_address = &#39;0.0.0.0&#39;,
String $ssh_login_grace_time = &#39;2m&#39;,
String $ssh_root_login = &#39;prohibit-password&#39;,
String $ssh_strict_modes = &#39;yes&#39;,
String $ssh_max_auth_tries = &#39;6&#39;,
@@ -1303,9 +1323,9 @@ class confdroid_ssh::params (
String $ssh_rekeylimit = &#39;default none&#39;,
String $ssh_syslog_facility = &#39;AUTH&#39;,
String $ssh_log_level = &#39;INFO&#39;,
String $ssh_password_authentication = &#39;no&#39;,
String $ssh_password_authentication = &#39;yes&#39;,
String $ssh_permit_empty_passwords = &#39;no&#39;,
String $ssh_kbd_interactive_auth = &#39;no&#39;,
String $ssh_kbd_interactive_auth = &#39;yes&#39;,
Boolean $ssh_use_kerberos = false,
String $ssh_kerberos_authentication = &#39;yes&#39;,
String $ssh_kerberos_or_local_passwd = &#39;yes&#39;,

4
manifests/main/dirs.pp
View File

@@ -12,7 +12,7 @@ class confdroid_ssh::main::dirs (
path => $ssh_etc_path,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
@@ -23,7 +23,7 @@ class confdroid_ssh::main::dirs (
ensure => directory,
owner => $sshd_user,
group => $sshd_user,
mode => '0700',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,

11
manifests/params.pp
View File

@@ -190,6 +190,12 @@
# display a custom banner message to users when they connect. This can be used
# to display legal notices, security warnings, or other information to users when
# they connect to the SSH server.
# @param [String] ssh_login_grace_time setting for sshd_config.
# Default is '2m', which means that users have 2 minutes to successfully
# authenticate before the server disconnects them, but can be set to a different
# time interval if desired. This setting can be used to limit the amount of time
# that attackers have to attempt to brute-force authentication, but should be set
# to a reasonable value to avoid disconnecting legitimate users who may need more time to log
##############################################################################
class confdroid_ssh::params (
@@ -206,6 +212,7 @@ class confdroid_ssh::params (
Boolean $ssh_manage_config = true,
String $ssh_address_family = 'any',
String $ssh_listen_address = '0.0.0.0',
String $ssh_login_grace_time = '2m',
String $ssh_root_login = 'prohibit-password',
String $ssh_strict_modes = 'yes',
String $ssh_max_auth_tries = '6',
@@ -220,9 +227,9 @@ class confdroid_ssh::params (
String $ssh_rekeylimit = 'default none',
String $ssh_syslog_facility = 'AUTH',
String $ssh_log_level = 'INFO',
String $ssh_password_authentication = 'no',
String $ssh_password_authentication = 'yes',
String $ssh_permit_empty_passwords = 'no',
String $ssh_kbd_interactive_auth = 'no',
String $ssh_kbd_interactive_auth = 'yes',
Boolean $ssh_use_kerberos = false,
String $ssh_kerberos_authentication = 'yes',
String $ssh_kerberos_or_local_passwd = 'yes',

1
templates/sshd_custom_conf.erb
View File

@@ -16,6 +16,7 @@ RekeyLimit <%= @ssh_rekeylimit %>
SyslogFacility <%= @ssh_syslog_facility %>
LogLevel <%= @ssh_log_level %>
LoginGraceTime <%= @ssh_login_grace_time %>
PermitRootLogin <%= @ssh_root_login %>
StrictModes <%= @ssh_strict_modes %>
MaxAuthTries <%= @ssh_max_auth_tries %>