Compare commits
5 Commits
39d7e1790d
...
febf9f494d
| Author | SHA1 | Date | |
|---|---|---|---|
|
febf9f494d | ||
|
|
72810343ec | ||
|
|
eba68be525 | ||
| 12ca98ceca | |||
|
|
df02776fef |
@@ -25,11 +25,13 @@
|
||||
## Features
|
||||
|
||||
- install required binaries
|
||||
- manage local custom configuration based on parameters, overriding the defaults
|
||||
- manage selinux rules
|
||||
- manage service
|
||||
- (optional) manage firewall
|
||||
|
||||
> Note
|
||||
Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the `ssh_custom_ensure`setting set to `absent` (default).
|
||||
|
||||
## Support
|
||||
|
||||
- Rocky 9 (Any RHEL 9 based OS should work but has not been tested)
|
||||
|
||||
@@ -97,8 +97,6 @@
|
||||
<ul><li>
|
||||
<p>install required binaries</p>
|
||||
</li><li>
|
||||
<p>manage local custom configuration based on parameters, overriding the defaults</p>
|
||||
</li><li>
|
||||
<p>manage selinux rules</p>
|
||||
</li><li>
|
||||
<p>manage service</p>
|
||||
@@ -106,6 +104,10 @@
|
||||
<p>(optional) manage firewall</p>
|
||||
</li></ul>
|
||||
|
||||
<blockquote>
|
||||
<p>Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the <code>ssh_custom_ensure</code>setting set to <code>absent</code> (default).</p>
|
||||
</blockquote>
|
||||
|
||||
<h2 id="label-Support">Support</h2>
|
||||
<ul><li>
|
||||
<p>Rocky 9 (Any RHEL 9 based OS should work but has not been tested)</p>
|
||||
|
||||
@@ -97,8 +97,6 @@
|
||||
<ul><li>
|
||||
<p>install required binaries</p>
|
||||
</li><li>
|
||||
<p>manage local custom configuration based on parameters, overriding the defaults</p>
|
||||
</li><li>
|
||||
<p>manage selinux rules</p>
|
||||
</li><li>
|
||||
<p>manage service</p>
|
||||
@@ -106,6 +104,10 @@
|
||||
<p>(optional) manage firewall</p>
|
||||
</li></ul>
|
||||
|
||||
<blockquote>
|
||||
<p>Note Originally I thought it was a great idea to have a single custom configuration file, which would override the default settings in the sshd_config. But I quickly learned, that this is not a great idea, for it seemed to work out differently on various hosts despite identical settings. For instance gitlab is using SSH not only for remote sessions but also for git operations, which broke with this file in place. So right now this module will only ensure the main default config is available and the service is always running. Custom configurations can be enabled after through testing through the parameters under #sshd section, but can be forced off through the <code>ssh_custom_ensure</code>setting set to <code>absent</code> (default).</p>
|
||||
</blockquote>
|
||||
|
||||
<h2 id="label-Support">Support</h2>
|
||||
<ul><li>
|
||||
<p>Rocky 9 (Any RHEL 9 based OS should work but has not been tested)</p>
|
||||
|
||||
@@ -134,14 +134,7 @@
|
||||
36
|
||||
37
|
||||
38
|
||||
39
|
||||
40
|
||||
41
|
||||
42
|
||||
43
|
||||
44
|
||||
45
|
||||
46</pre>
|
||||
39</pre>
|
||||
</td>
|
||||
<td>
|
||||
<pre class="code"><span class="info file"># File 'manifests/main/files.pp', line 6</span>
|
||||
@@ -178,13 +171,6 @@ class confdroid_ssh::main::files (
|
||||
content => template($sshd_custom_erb),
|
||||
notify => Service[$sshd_service],
|
||||
}
|
||||
# we want the default root login setting to be managed by the custom conf,
|
||||
# so we remove the default file if it exists
|
||||
file { $sshd_root_login_file:
|
||||
ensure => absent,
|
||||
path => $sshd_root_login_file,
|
||||
notify => Service[$sshd_service],
|
||||
}
|
||||
}
|
||||
}</pre>
|
||||
</td>
|
||||
|
||||
@@ -35,12 +35,5 @@ class confdroid_ssh::main::files (
|
||||
content => template($sshd_custom_erb),
|
||||
notify => Service[$sshd_service],
|
||||
}
|
||||
# we want the default root login setting to be managed by the custom conf,
|
||||
# so we remove the default file if it exists
|
||||
file { $sshd_root_login_file:
|
||||
ensure => absent,
|
||||
path => $sshd_root_login_file,
|
||||
notify => Service[$sshd_service],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user