- none
- Fedora 38 has no longer non-standard hostkey permissions
- Fingerprint ansible-sshd managed config files
- Add support for Alpine OS (#212)
- Add support for managing selinux and firewall on RHEL-based systems (#211)
- Update tests to not use configuration options available in system defaults (#213)
- Improve manual pages processing in tests to accommodate Alpine's busybox man (#213)
- Add a Github action to check for non-inclusive language (#215)
-
Adding support for OpenWrt 21.03
-
Add final version of RequiredRSASize
Keep the old version for backward compatibility
Upstream commit: https://github.com/openssh/openssh-portable/commit/1875042c
- Update source template to match generated files
-
Remove legacy files
-
Update pre-commit plugins to latest
-
Linting fixes
-
keep v prefix in version/tag
Keep the v prefix in the version/tag
- Make drop-in config file functionality configurable by user
This PR simplifies the logic behind the drop-in config files and also allows the user to use drop-in configs even if the distribution does not support it out of the box.
- Allow user to override variables
A previous commit hardcoded many variables to the values under vars/, making it impossible for the user to parameterize things like the systemd service name. The assumption was that the _sshd* variables were useless in an effort to blindly adhere to best practices, but they were crucial in allowing flexibility to the user.
- none
- add parameter RSAMinSize
Add support for the new RSAMinSize parameter.
- Ensure values are cast to correct type
willshersystems#188 This shouldn't be necessary, but there seems no way to guarantee using a version of Jinja which doesn't have this problem.
In addition - it is not good practice to compare values to
true or false - instead, just ensure the value is a bool
type and evaluate in a boolean context.
- Addition notes about secondary variables
- Fix various linting issues
- Revert incorrect module name
- tests: Do not be picky about spaces/tabs
When testing with cloud-init, it modifies the sshd_configuration and can replace some tabs with whitespaces. This happens frequently around the subsystem keyword. There are no functional changes, but the matching did not work as expected.
Signed-off-by: Jakub Jelen [email protected]
-
the role still supports ansible 2.9
-
Add CHANGELOG.md
-
Add changelog_to_tag.yml to .github/workflows
Description: When a new changelog section is added to CHANGELOG.md and pushed, changelog_to_tag.yml is triggered, which generates a new tag and a new release.
- none
- Remove kvm from virtualization platforms
- none
- Unbreak FIPS detection and stabilize failing tests and GH actions
- Make sure Include is in the main configuration file when drop-in directory is used
- Make the role FIPS-aware
- Fix runtime directory check condition
- README: fix meta/make_option_lists link
- none
- none
- Use {{ ansible_managed | comment }} to fix multi-line ansible_managed
- none
- Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
- none
- none
- Add Debian 11 (bullseye) support
- Fix wrong template file
- Remove travis configuration and update readme with new badges
- Add CentOS 6 to CI
- Add support for RHEL 9 and adjust tests for it
- none
- none
- Add configuration options from OpenSSH 8.6p1
- Rename sshd_namespace_append to sshd_config_namespace
- Support for appending a snippet to configuration file
- Update meta data and README
- use state: absent instead of state: missing
- [FreeBSD] Add Subsystem to _sshd_defaults
- UsePrivilegeSeparation is deprecated since 2017/OpenSSH 7.5 - https://www.openssh.com/txt/release-7.5
- examples: Provide simple example playbook
- Fix variable precedence when invoked through legacy "roles:"
- Fix issues found by linters - enable all tests on all repos - remove suppressions
- README: Document missing exported variable
- Improve test coverage with new test cases and new distros, fixing minor issues on the way
- none
- none
- Run tests with Github Actions and fix things on the way
- none
- none
- Rename tests to follow best practices and make galaxy linters happy
- Implement more natural match blocks and test them
- Support /etc/sysconfig/sshd to override crypto policies and handle more advanced use cases
- README: Fix missing code block termination
- subsystem appears to be ignored
- none
- none
- Remove extra blank line
- Disable broken ansible-lint-actions
- Cleanup lint issues, update documentation, fix typos
- Implement more coherence check tests
- Use ansible_distribution_major_version in variables
- Create CODE_OF_CONDUCT.md
- none
- none
- Minimum version is now Ansible 2.8
- exit_host on ansible >= 2.8
- OpenBSD and ansible_distribution_major_version
- none
- none
- none
- none
- Ubuntu focal, CI updates, code quality improvements
- Add new options from OpenSSH 8.3p1 (including CASignatureAlgorithms)
- none
- none
- Add Gentoo support (with secure sshd defaults)
- none
- none
- add debian 10 (buster) support
- Add vars for openSUSE Leap 15 and CentOS 8
- none
- none
- Remove duplicate GatewayPorts
- AIX support (including new AIX handler)
- Updates syntax to Ansible 2.7 era
- none
- none
- none
- Travis fixes
- Resolve lint errors
- none
- Remove 'UsePrivilegeSeparation' from Fedora defaults
- Backup of sshd_config dependent on variable
- none
- none
- none
- Fix variable loading.
- none
- Make role work with chroot connections on EL 7.
- Remove deprecated options
- none
- none
- Fixes bad option in systemd service file
- none
- Adds on/off toggle
- none
- none
- Adds ability to install a systemd service
- Add Ubuntu_18.yml
- Add missing options
- expose sshd_config template backup option with sshd_backup variable
- none
- none
- Add CoreOS support
- none
- none
- none
- Amazon var name should be sshd_defaults
- none
- Remove Deprecated options in default SSH config
- Add StreamLocalBindUnlink option
- Makes handler use listen: option
- Removes tags
- change
ansible_pkg_mgrfor package
- Fix for ansible_virtualization_type not being defined in Ansible > 2.5
- Fix Arch Linux var file
- none
- Add Debian 9 (stretch) vars
- none
- none
- Add note about UsePAM on RHEL 7
- Ansible23 fixes
- Remove circular symlink in tests dir
- none
- none
- Fixed sshd_match blocks
- none
- none
- Fix sshd service state
- none
- clean Archlinux support to match the current package (openssh-7.4p1-2)
- vars: SUSE: Add default variables for SUSE based distributions
- none
- none
- Don't fail without package manager
- none
- none
- Support for OpenBSD
- none
- none
- show xenial support on galaxy
- none
- none
- Added ubuntu 16.04 config
- none
- none
- none
- fix deprecation warning for sshd_packages
- Housekeeping
- none
- Fix for CentOS 6 l_value issue
- Update example so not to break old SSH versions and add a warning
- none
- Fedora HostKey(s)
- none
- none
- none
- Do not manage /var/run/sshd on CentOS7 fixes #27
- none
- DebianBanner support
- none
- none
- Verify SSHd config early
- Add Fedora support
- fix type in AcceptEnv for RedHat7
- Fix issues - not reloading with default sshd_allow_reload value
- none
- Make the role more container friendly
- Remove apt role dependency
- fix type in AcceptEnv
- none
- none
- Don't install openssh-sftp-server on Debian
- none
- none
- none
- Add precise, move 14.04 to specific configuration
- Feature/debian defaults
- Minor typo fixes and add Archlinux support