aboutsummaryrefslogtreecommitdiffstats
path: root/modules/openssh
Commit message (Collapse)AuthorAgeFilesLines
* Separate running the SSH keys script from the mgagit script (mga#34826)Dan Fandrich2026-01-071-1/+1
| | | | | | | | | The mgagit script was previously run after the SSH keys script, but only if an SSH key was updated. That meant that any group changes were not reflected until after someone changed an SSH key. Decouple the running of the two scripts since they are not (completely) dependent on each other.
* Use @ when accessing variables in templatesDan Fandrich2024-11-201-4/+4
| | | | | | | | Access without the @ symbol is the older method and is discouraged. This take leaves alone accesses of variables that are defined within the template, which don't seem to allow an @. This is the second batch of files.
* Remove conditionals for releases older than Mageia 6Dan Fandrich2024-10-151-15/+0
| | | | | This eliminates a bunch of conditionals, simplifying the configuration. We no longer have any servers running on a release older than this.
* Revert "Use @ when accessing variables in templates"Dan Fandrich2024-10-042-6/+6
| | | | | | Variables defined within a template can't be accessed with @. This change needs to be reworked to eliminate those cases. This reverts commits 2c7da665 and ae197622.
* Use @ when accessing variables in templatesDan Fandrich2024-10-042-6/+6
| | | | Access without the @ symbol is the older method and is discouraged.
* Remove some extra quote characters accidentally submittedDan Fandrich2023-12-271-3/+1
|
* Port ldap-sshkey2file.py to Python 3Dan Fandrich2023-12-272-96/+91
| | | | It now also passes pytype and (mostly) flake8 checks.
* this is python2 codeThomas Backlund2021-11-281-1/+1
|
* flip package names on require tooThomas Backlund2019-09-181-2/+2
|
* flip package namesThomas Backlund2019-09-181-2/+2
|
* fix up versioncmp issuesThomas Backlund2019-09-161-2/+5
|
* openssh: fix up python2-ldap deps for mga7Thomas Backlund2019-09-161-0/+4
|
* fix up openssh python2-ldapThomas Backlund2019-09-161-2/+2
|
* adjust openssh deps for mga7Thomas Backlund2019-09-161-0/+4
|
* Disable ChallengeResponseAuthenticationPascal Terjan2018-03-041-1/+1
|
* sshd: disable UsePAMThomas Backlund2018-03-041-1/+1
|
* Stop using ssh_host_key on Mageia 6Pascal Terjan2017-09-241-0/+2
|
* Drop deprecated sshd optionPascal Terjan2017-09-241-0/+2
|
* Make Mageia 6 fix more widely avaialablePascal Terjan2017-09-241-6/+6
|
* Workaround lack of mga6 support in our configsPascal Terjan2017-09-242-0/+10
|
* ldap-sshkey2file.py: add dry-run and verbose modeOlivier Blin2017-02-231-0/+16
|
* ldap-sshkey2file.py: use argparse for options parsing and usageOlivier Blin2017-02-231-16/+15
|
* ldap-sshkey2file.py: reorder code in write_keys to prepare adding a dry-run modeOlivier Blin2017-02-231-29/+29
|
* ldap-sshkey2file.py: fix path of authorized_keys in usageOlivier Blin2017-02-231-1/+1
|
* Fix ldap-sshkey2file so it doesn't crash when a user has no uidNumberDan Fandrich2017-02-231-3/+3
| | | | | This shouldn't happen in normal operation, but can happen when binding to a DN who doesn't have access to that attribute.
* Allow mga-unrestricted_shell_access group login on duvelOlivier Blin2017-02-211-1/+1
| | | | Also-by: Dan Fandrich <dan@coneharvesters.com>
* Remove unnecessary AllowGroups sshd restriction on rabbitOlivier Blin2017-02-211-4/+0
| | | | | | | | This is already covered by pam.d/system-auth, which only allows local users and authorized access classes. Otherwise, login fails: sshd[1234]: fatal: Access denied for user XXX by PAM account configuration [preauth]
* Disable password for ssh on all machinesPascal Terjan2016-10-131-1/+1
|
* Allow iurt to ssh to rabbitPascal Terjan2016-10-131-1/+1
|
* Restrict ssh access on rabbitPascal Terjan2016-10-131-0/+4
|
* openssh: Fix writing ssh public keys, with new ldap secret locationOlivier Blin2016-02-212-5/+40
| | | | ldap secret is now stored in the bindpw field of /etc/nslcd.conf
* Allow members of mga-sysadmin to log in via sshDan Fandrich2016-02-191-1/+1
| | | | | This only works on hosts where users' ssh keys are copied, namely those including openssh::ssh_keys_from_ldap
* openssh: do not force command for git userOlivier Blin2016-02-071-1/+2
| | | | | The "gitolite <username>" is already set in /var/lib/git/.ssh/authorized_keys, and we do not want to override it.
* openssh: fix forcing sv_membersh commandOlivier Blin2016-02-071-1/+1
| | | | | | | | | | The following rule did not work as intended: Match User !schedbot User !root This one does (with a leading wildcard): Match User *,!schedbot,!root See http://superuser.com/questions/952235/why-arent-my-negative-matches-working
* Force sv_membersh.pl in ssh on duvelPascal Terjan2016-02-071-0/+4
| | | | | That way we don't need to have it as default shell for everyone on the machine It should probably not hardcode duvel though
* variable enclosing fixesThomas Backlund2015-10-201-1/+1
|
* openssh: Ensure ownership is set correctly on authorized_keysColin Guthrie2015-02-061-0/+5
| | | | | | This was highlighted by a problem encountered by Nicolas Salguero. Many thanks for your patience.
* openssh: Fix python copy/paste error.Colin Guthrie2015-02-031-1/+1
| | | | Introduced in d5148ffbb0514c37893002e4988c5f7f379586bf
* openssh: Also update gitolite config when SSH keys change.Colin Guthrie2015-01-181-1/+1
| | | | | This should avoid the problems encountered recently with Donald's SSH key update and git access.
* openssh: Return failure when no keys are updated.Colin Guthrie2015-01-181-2/+15
| | | | We can then use this exit status to run other commands when keys are updated.
* openssh: Only write authorized_keys file when it's differentColin Guthrie2015-01-181-7/+20
| | | | | This saves disk churn and will eventually allow us to take further action when keys actually change.
* openssh: Use temp file when writing keys from LDAP.Colin Guthrie2015-01-181-7/+12
| | | | | | | This helps avoid a race condition when the file is not yet written properly when a new SSH connection from that user comes in. This isn't really a problem in practice, but we may as well do it.
* Revert "Temporary hack to work around LDAP server sync problem"Colin Guthrie2014-09-231-6/+0
| | | | | | This reverts commit cc302084ccf54fb8f067f8dd5d7f7c07ed50b019. Slave LDAP now back cookin' on gas!
* Temporary hack to work around LDAP server sync problemColin Guthrie2014-09-161-0/+6
|
* Partially revert part of r3378 which wasn't meant to be in the commit :(Colin Guthrie2013-12-051-2/+0
|
* Add mgaonline to the freeze exception pkg regexpColin Guthrie2013-12-051-0/+2
|
* openssh::ssh_keys_from_ldap: remove unused parameterNicolas Vigier2013-07-061-1/+1
|
* openssh: switch to standard path for authorized_keys fileNicolas Vigier2013-07-064-53/+1
|
* ldap-sshkey2file.py: export ssh keys to /home directoryNicolas Vigier2013-07-061-5/+14
| | | | Thanks to Colin for help on this
* More mga-common mga_common remaningNicolas Vigier2013-06-191-1/+1
|
generated by cgit v1.2.1 (git 2.21.0) at 2026-03-28 11:03:46 +0000