aboutsummaryrefslogtreecommitdiffstats
path: root/modules/openssh
Commit message (Collapse)AuthorAgeFilesLines
* Use @ when accessing variables in templatesHEADmasterDan Fandrich6 days1-4/+4
| | | | | | | | Access without the @ symbol is the older method and is discouraged. This take leaves alone accesses of variables that are defined within the template, which don't seem to allow an @. This is the second batch of files.
* Remove conditionals for releases older than Mageia 6Dan Fandrich2024-10-151-15/+0
| | | | | This eliminates a bunch of conditionals, simplifying the configuration. We no longer have any servers running on a release older than this.
* Revert "Use @ when accessing variables in templates"Dan Fandrich2024-10-042-6/+6
| | | | | | Variables defined within a template can't be accessed with @. This change needs to be reworked to eliminate those cases. This reverts commits 2c7da665 and ae197622.
* Use @ when accessing variables in templatesDan Fandrich2024-10-042-6/+6
| | | | Access without the @ symbol is the older method and is discouraged.
* Remove some extra quote characters accidentally submittedDan Fandrich2023-12-271-3/+1
|
* Port ldap-sshkey2file.py to Python 3Dan Fandrich2023-12-272-96/+91
| | | | It now also passes pytype and (mostly) flake8 checks.
* this is python2 codeThomas Backlund2021-11-281-1/+1
|
* flip package names on require tooThomas Backlund2019-09-181-2/+2
|
* flip package namesThomas Backlund2019-09-181-2/+2
|
* fix up versioncmp issuesThomas Backlund2019-09-161-2/+5
|
* openssh: fix up python2-ldap deps for mga7Thomas Backlund2019-09-161-0/+4
|
* fix up openssh python2-ldapThomas Backlund2019-09-161-2/+2
|
* adjust openssh deps for mga7Thomas Backlund2019-09-161-0/+4
|
* Disable ChallengeResponseAuthenticationPascal Terjan2018-03-041-1/+1
|
* sshd: disable UsePAMThomas Backlund2018-03-041-1/+1
|
* Stop using ssh_host_key on Mageia 6Pascal Terjan2017-09-241-0/+2
|
* Drop deprecated sshd optionPascal Terjan2017-09-241-0/+2
|
* Make Mageia 6 fix more widely avaialablePascal Terjan2017-09-241-6/+6
|
* Workaround lack of mga6 support in our configsPascal Terjan2017-09-242-0/+10
|
* ldap-sshkey2file.py: add dry-run and verbose modeOlivier Blin2017-02-231-0/+16
|
* ldap-sshkey2file.py: use argparse for options parsing and usageOlivier Blin2017-02-231-16/+15
|
* ldap-sshkey2file.py: reorder code in write_keys to prepare adding a dry-run modeOlivier Blin2017-02-231-29/+29
|
* ldap-sshkey2file.py: fix path of authorized_keys in usageOlivier Blin2017-02-231-1/+1
|
* Fix ldap-sshkey2file so it doesn't crash when a user has no uidNumberDan Fandrich2017-02-231-3/+3
| | | | | This shouldn't happen in normal operation, but can happen when binding to a DN who doesn't have access to that attribute.
* Allow mga-unrestricted_shell_access group login on duvelOlivier Blin2017-02-211-1/+1
| | | | Also-by: Dan Fandrich <dan@coneharvesters.com>
* Remove unnecessary AllowGroups sshd restriction on rabbitOlivier Blin2017-02-211-4/+0
| | | | | | | | This is already covered by pam.d/system-auth, which only allows local users and authorized access classes. Otherwise, login fails: sshd[1234]: fatal: Access denied for user XXX by PAM account configuration [preauth]
* Disable password for ssh on all machinesPascal Terjan2016-10-131-1/+1
|
* Allow iurt to ssh to rabbitPascal Terjan2016-10-131-1/+1
|
* Restrict ssh access on rabbitPascal Terjan2016-10-131-0/+4
|
* openssh: Fix writing ssh public keys, with new ldap secret locationOlivier Blin2016-02-212-5/+40
| | | | ldap secret is now stored in the bindpw field of /etc/nslcd.conf
* Allow members of mga-sysadmin to log in via sshDan Fandrich2016-02-191-1/+1
| | | | | This only works on hosts where users' ssh keys are copied, namely those including openssh::ssh_keys_from_ldap
* openssh: do not force command for git userOlivier Blin2016-02-071-1/+2
| | | | | The "gitolite <username>" is already set in /var/lib/git/.ssh/authorized_keys, and we do not want to override it.
* openssh: fix forcing sv_membersh commandOlivier Blin2016-02-071-1/+1
| | | | | | | | | | The following rule did not work as intended: Match User !schedbot User !root This one does (with a leading wildcard): Match User *,!schedbot,!root See http://superuser.com/questions/952235/why-arent-my-negative-matches-working
* Force sv_membersh.pl in ssh on duvelPascal Terjan2016-02-071-0/+4
| | | | | That way we don't need to have it as default shell for everyone on the machine It should probably not hardcode duvel though
* variable enclosing fixesThomas Backlund2015-10-201-1/+1
|
* openssh: Ensure ownership is set correctly on authorized_keysColin Guthrie2015-02-061-0/+5
| | | | | | This was highlighted by a problem encountered by Nicolas Salguero. Many thanks for your patience.
* openssh: Fix python copy/paste error.Colin Guthrie2015-02-031-1/+1
| | | | Introduced in d5148ffbb0514c37893002e4988c5f7f379586bf
* openssh: Also update gitolite config when SSH keys change.Colin Guthrie2015-01-181-1/+1
| | | | | This should avoid the problems encountered recently with Donald's SSH key update and git access.
* openssh: Return failure when no keys are updated.Colin Guthrie2015-01-181-2/+15
| | | | We can then use this exit status to run other commands when keys are updated.
* openssh: Only write authorized_keys file when it's differentColin Guthrie2015-01-181-7/+20
| | | | | This saves disk churn and will eventually allow us to take further action when keys actually change.
* openssh: Use temp file when writing keys from LDAP.Colin Guthrie2015-01-181-7/+12
| | | | | | | This helps avoid a race condition when the file is not yet written properly when a new SSH connection from that user comes in. This isn't really a problem in practice, but we may as well do it.
* Revert "Temporary hack to work around LDAP server sync problem"Colin Guthrie2014-09-231-6/+0
| | | | | | This reverts commit cc302084ccf54fb8f067f8dd5d7f7c07ed50b019. Slave LDAP now back cookin' on gas!
* Temporary hack to work around LDAP server sync problemColin Guthrie2014-09-161-0/+6
|
* Partially revert part of r3378 which wasn't meant to be in the commit :(Colin Guthrie2013-12-051-2/+0
|
* Add mgaonline to the freeze exception pkg regexpColin Guthrie2013-12-051-0/+2
|
* openssh::ssh_keys_from_ldap: remove unused parameterNicolas Vigier2013-07-061-1/+1
|
* openssh: switch to standard path for authorized_keys fileNicolas Vigier2013-07-064-53/+1
|
* ldap-sshkey2file.py: export ssh keys to /home directoryNicolas Vigier2013-07-061-5/+14
| | | | Thanks to Colin for help on this
* More mga-common mga_common remaningNicolas Vigier2013-06-191-1/+1
|
* Rename mga-common module to mga_common.Nicolas Vigier2013-06-191-1/+1
| | | | New puppet version doesn't like modules with a - in their name.