Commit 89b0f623 authored by Benedikt Wegmann's avatar Benedikt Wegmann

manifests/openssh_server.pp: Option für schwache Keys/Ciphers zulassen

parent 87a03afb
# openssh-server konfigurieren
class ubuntu_server::openssh_server($port='22',$groups_only='root',$authorized_keys=false){
class ubuntu_server::openssh_server($port='22',$groups_only='root',$authorized_keys=false,$use_no_weak_crypto=true){
package{['openssh-server','openssh-blacklist-extra','openssh-blacklist']:
ensure => present,
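Review bot: The new parameter `$use_no_weak_crypto=true` on the class line is neither typed nor validated, while the guard in the next hunk tests it with `== true`, so a string value such as `'true'` or `'false'` supplied via Hiera or an ENC silently skips the whole hardening block instead of raising an error. Reject non-Boolean input up front, e.g. `validate_bool($use_no_weak_crypto)` from puppetlabs-stdlib (which the manifest already relies on for `file_line`) directly after the class line, or `Boolean $use_no_weak_crypto = true` if the module targets Puppet 4 or later. Note also that with the parameter set to false the five `file_line` resources are merely not declared, so a host that was hardened earlier keeps its KexAlgorithms, Ciphers and commented-out HostKey lines; if that is intended, say so in the header comment, e.g. `# use_no_weak_crypto: when false the KexAlgorithms/Ciphers/HostKey lines are no longer managed, existing entries are left untouched`. The second hunk of this file is cut off in this view.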
......@@ -36,40 +36,42 @@ class ubuntu_server::openssh_server($port='22',$groups_only='root',$authorized_k
}
}
file_line{'openssh_server_config_KexAlgorithms':
path => '/etc/ssh/sshd_config',
line => 'KexAlgorithms diffie-hellman-group-exchange-sha256',
match => '^KexAlgorithms',
require => Package['openssh-server'],
} ~> Service['ssh']
if $use_no_weak_crypto == true {
file_line{'openssh_server_config_KexAlgorithms':
path => '/etc/ssh/sshd_config',
line => 'KexAlgorithms diffie-hellman-group-exchange-sha256',
match => '^KexAlgorithms',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_Ciphers':
path => '/etc/ssh/sshd_config',
line => 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr',
match => '^Ciphers',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_Ciphers':
path => '/etc/ssh/sshd_config',
line => 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr',
match => '^Ciphers',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_NoDSA':
path => '/etc/ssh/sshd_config',
line => '#HostKey /etc/ssh/ssh_host_dsa_key',
match => '^HostKey /etc/ssh/ssh_host_dsa_key',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_NoDSA':
path => '/etc/ssh/sshd_config',
line => '#HostKey /etc/ssh/ssh_host_dsa_key',
match => '^HostKey /etc/ssh/ssh_host_dsa_key',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_NoEcdsa':
path => '/etc/ssh/sshd_config',
line => '#HostKey /etc/ssh/ssh_host_ecdsa_key',
match => '^HostKey /etc/ssh/ssh_host_ecdsa_key',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_NoEcdsa':
path => '/etc/ssh/sshd_config',
line => '#HostKey /etc/ssh/ssh_host_ecdsa_key',
match => '^HostKey /etc/ssh/ssh_host_ecdsa_key',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_NoEd25519':
path => '/etc/ssh/sshd_config',
line => '#HostKey /etc/ssh/ssh_host_ed25519_key',
match => '^HostKey /etc/ssh/ssh_host_ed25519_key',
require => Package['openssh-server'],
} ~> Service['ssh']
file_line{'openssh_server_config_NoEd25519':
path => '/etc/ssh/sshd_config',
line => '#HostKey /etc/ssh/ssh_host_ed25519_key',
match => '^HostKey /etc/ssh/ssh_host_ed25519_key',
require => Package['openssh-server'],
} ~> Service['ssh']
}
service{'ssh':
ensure => running,
......
......@@ -24,4 +24,16 @@ describe "ubuntu_server::openssh_server" do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/root/.ssh/authorized_keys').with_source('/path/to/keys') }
end
context "with $use_no_weak_crypto=false" do
let(:params) {{
:use_no_weak_crypto => false,
}}
it { is_expected.to compile.with_all_deps }
it { is_expected.not_to contain_file_line('openssh_server_config_KexAlgorithms') }
it { is_expected.not_to contain_file_line('openssh_server_config_Ciphers') }
it { is_expected.not_to contain_file_line('openssh_server_config_NoDSA') }
it { is_expected.not_to contain_file_line('openssh_server_config_NoEcdsa') }
it { is_expected.not_to contain_file_line('openssh_server_config_NoEd25519') }
end
end
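Review bot: The added context asserts only the negative path; nothing in this hunk checks that the default (`use_no_weak_crypto` unset or true) still declares the five `file_line` resources, so a regression that drops one of them would pass unless an earlier context outside this hunk already covers it. Add the positive counterpart in the default context, e.g. `it { is_expected.to contain_file_line('openssh_server_config_KexAlgorithms').with_line('KexAlgorithms diffie-hellman-group-exchange-sha256') }` and the matching expectations for the Ciphers and HostKey entries. A further context passing `'false'` as a string would pin down how the manifest's `== true` guard handles non-Boolean input, which is presumably the case most likely to come from Hiera.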