chef-ssh-hardening 2.0.0
artem-sidorenko released this 06 Feb 09:10
v2.0.0 (2017-02-06)
Implemented enhancements:
- Send and Accept locale environment variables #167 (mikemoate)
- Use different algorithms depending on the ssh version #166 (artem-sidorenko)
- Avoid small primes for DH and allow rebuild of DH primes #163 (artem-sidorenko)
- Removal of DSA key from defaults #161 (artem-sidorenko)
- Allow log level configuration of sshd #159 (artem-sidorenko)
- Switch UsePAM default to yes #157 (artem-sidorenko)
- Split the attributes to the client and server areas #150 (artem-sidorenko)
- Attribute namespace ['ssh-hardening'] added #144 (artem-sidorenko)
- Add node attributes to override KEX, MAC and cipher values #141 (bazbremner)
Fixed bugs:
- IPv6 is not working still if it's enabled #140
Closed issues:
- Verify the current crypto settings #162
- Possibly missing locale handling #160
- Error message about DSA key on RHEL 7 #158
- Attributes should be in the own namespace ssh-hardening #142
- Move entire crypto parameter configuration in tests to the centralized place #137
- Move UsePrivilegeSeparation.get to the new library #136
- Release 2.0.0 #133
- configure log level #117
- UsePAM should probably default to yes on Red Hat Linux 7 #96
- refactor library kex and cipher implementation #87
- prohibit use of weak dh moduli #65
- Harmonize API #53
- SSH rootkey configuration is too open #16
Merged pull requests:
- Add oracle bento boxes to vagrant testing #168 (artem-sidorenko)
- Project data for changelog generator #164 (artem-sidorenko)
- Improve the docs on the attribute overriding #156 (artem-sidorenko)
- Tests for GH-131 and GH-132 #155 (artem-sidorenko)
- Update attribute documentation in README #154 (artem-sidorenko)
- Fix the broken master #153 (artem-sidorenko)
- Fixing the broken links in docs #152 (artem-sidorenko)
- Some tests for attributes of last merged PRs #151 (artem-sidorenko)
- Get rid of chefspec/fauxhai warnings in the unit tests #149 (artem-sidorenko)
- Bugfix: sshd listens on IPv6 interface if enabled #148 (artem-sidorenko)
- Update and cleanup of Gemfile #147 (artem-sidorenko)
- Cleanup of some unmaintained docs/files #146 (artem-sidorenko)
- Removal of deprecated attributes #145 (artem-sidorenko)
- Removal of deprecated authorized_keys handling #143 (artem-sidorenko)
- Refactoring of library to simplify the kex/cipher handling #134 (artem-sidorenko)