7.0.0 (2019-09-17)
Implemented enhancements:
Fixed bugs:
- Unable to connect after applying the role (Ubuntu 18.04, AWS EC2) #229
Closed issues:
- Can't connect to new instance created from hardened image #189
Merged pull requests:
- changed string comparison to version comparison #234 (gobind-singh)
6.2.0 (2019-08-05)
Implemented enhancements:
- added support for ssh_server_match_address (#230) #231 (MatthiasLohr)
6.1.3 (2019-06-09)
Implemented enhancements:
- Fix squash_actions deprecation in test playbooks #228 (Normo)
- Fix deprecation warnings in Ansible 2.8 #227 (Normo)
Fixed bugs:
- deprecation warnings in Ansible 2.8 #226
6.1.2 (2019-05-17)
Fixed bugs:
- sshd_custom_options used in ssh_config generation #224
Merged pull requests:
6.1.1 (2019-05-07)
Fixed bugs:
- Missing indent for ChrootDirectory in Match Group sftponly #221
Merged pull requests:
6.1.0 (2019-05-04)
Implemented enhancements:
- PermitRootLogin yes #190
- 'Match Group' in configuration but 'user' not in connection test specification #188
- Allow custom values #175
- use selinux fact to check if selinux is used #220 (rndmh3ro)
- Remove eol os and add fedora #218 (rndmh3ro)
- document and move custom variables #217 (rndmh3ro)
- fix: allow other ssh ports using selinux #214 (guilieb)
- Make ansible-lint happy #204 (alexclear)
- Fix ssh and sshd config files to satisfy inspec reqs on all Testkitchen setups #203 (alexclear)
- enable ssh 7.7p1 support #202 (rndmh3ro)
- Removed DEPRECATION WARNING for apt, using list instead of with_items #201 (jonaswre)
Fixed bugs:
- Using more than one rule in a Group or User Match block? #207
- fix multiple match rules not working #207 #208 (rndmh3ro)
6.0.0 (2018-11-18)
Implemented enhancements:
Fixed bugs:
- GSSAPI support broken. Can't be enabled. #192
- Unsupported option "rhostsrsaauthentication" "rsaauthentication" #184
- Weak kex are controlled by wrong variable ? #174
- Can't connect to server by SSH after applying this role #115
Closed issues:
Merged pull requests:
- Support for custom configuration #199 (MatthiasLohr)
- parameterize PermitRootLogin #195 (rndmh3ro)
- set 'GSSAPIAuthentication yes' if variable 'ssh_gssapi_support' is set to 'true' #194 (szEvEz)
- Use ansible version compare module #187 (Neophy7e)
- add ubuntu 18.04 support #186 (rndmh3ro)
5.0.0 (2018-09-16)
Implemented enhancements:
- Fixing the broken Ansible dependency mechanism #176
- Include new baseline-tests #161
- GlobalKnownHostsFile missing from ssh_config #155
- Options not compatible with OpenSSH server 7.6 #151
- Kitchen travis #180 (rndmh3ro)
- update config of kex, macs, ciphers #179 (rndmh3ro)
- add debian 9 and a comment #178 (rndmh3ro)
- Dependency flag #177 (jcheroske)
- Travis #173 (rndmh3ro)
- OpenBSD Support #171 (jbronn)
- Implement disabling chroot for sftp #166 (towo)
- New tests #163 (rndmh3ro)
- yaml-lint update, refactor tasks #162 (rndmh3ro)
- Handle a few deprecated OpenSSH options #160 (ageis)
- Added support for TrustedUserCAKeys and AuthorizedPrincipalsFile. #157 (gdelafond)
- Adds sshd config for keyboard-interactive pam device #156 (rcII)
- Use package state 'present' since 'installed' is deprecated #154 (Normo)
- conform to current dev-sec/ssh-baseline #150 (alval5280)
- new parameter: ssh_max_startups #149 (aeschbacher)
- Update syntax to 2.4 #148 (thomasjpfan)
- Amazonlinux-Testing #147 (rndmh3ro)
- Fixed trailing whitespace #146 (zbrojny120)
- Add support for Amazon Linux #145 (woneill)
Fixed bugs:
- ssh_server_weak_kex variable is not used any where #167
- opensshd.conf.j2 template type error #159
- line 56: Bad SSH2 mac spec #135
Closed issues:
- Travis & Debian 9 "Stretch" #158
Merged pull requests:
4.4.0 (2017-12-29)
Implemented enhancements:
- Changes in selinux section to avoid confusion and some inconsistencies #127
- Issue #137: Fix sshd_config's "Match Group sftponly" #138 (kekumu)
- allow configuration of GatewayPorts #136 (pwyliu)
- Added support for AuthorizedKeysFile config setting #132 (hyrsky)
- corrected comments explaining the task's behaviour #131 (martinbydefault)
- Feature/2fa auth #123 (lazzurs)
Fixed bugs:
- ssh_use_dns used twice in defaults/main.yml #129
Closed issues:
- coreos support? #142
- UseLogin is deprecated on CentOS 7 #140
- sftp Match Group settings overriding global sshd_config settings #137
- get openssh-version fails on FreeBSD (with ansible 2.4.0.0) #133
Merged pull requests:
- Remove deprecated UseLogin option #141 (syhe)
- Macs kex ciphers #139 (rndmh3ro)
- force /bin/sh when getting openssh-version #134 (gtz42)
4.3.1 (2017-08-14)
Implemented enhancements:
- Remove duplicate ssh_use_dns #130 (MagnusEnger)
Fixed bugs:
- System completely unresponsive after role execution #126
Closed issues:
- role creates duplicate parameter/values after run #124
4.3.0 (2017-08-03)
Implemented enhancements:
- Fix ansible.cfg settings #122 (fazlearefin)
- Finish 94 #116 (rndmh3ro)
Merged pull requests:
- Don't overwrite ssh_host_key_files if set manually #125 (oakey-b1)
- Add comment filter to {{ansible_managed}} string #121 (fazlearefin)
4.1.3 (2017-06-30)
4.2.0 (2017-06-30)
Implemented enhancements:
- Add support to specify a list of revoked public keys #120 (bachp)
- use package instead of yum so the operation works on Fedora #119 (stenwt)
Fixed bugs:
- fails in --check mode #111
Merged pull requests:
4.1.2 (2017-05-31)
Implemented enhancements:
Fixed bugs:
- User login failed after running this module #114
Closed issues:
- Update readme to include baselines #110
4.1.1 (2017-05-18)
Implemented enhancements:
4.1.0 (2017-05-09)
Implemented enhancements:
- Provide option to allow password server login #106
- Deprecation warning always_run #82
- Added support for UseDNS config switch #109 (ftaeger)
- Added support for UseDNS config switch #108 (ftaeger)
Fixed bugs:
- create ssh_config and set permissions to root/644 step repeated #104
Merged pull requests:
- Added support for PermitTunnel config switch #112 (fti7)
- Adds option to enable password based authentication on the server #107 (colin-nolan)
4.0.0 (2017-04-22)
Implemented enhancements:
- Avoid small primes for DH and allow rebuild of DH primes #89
- Accommodate missing plugins in kitchen_vagrant_block.rb #100 (fullyint)
- Use different Hostkeys according to installed ssh version #99 (rndmh3ro)
- Remove small dh primes #97 (rndmh3ro)
- Add Ed25519 SSH host key to match commit 28b4df3 in ssh-baseline #96 (techraf)
- Add support for FreeBSD OpenSSH server and client #95 (jbenden)
- Replace deprecated always_run with check_mode #93 (jbenden)
- Defaults: Remove DSA from SSH host keys to match ssh-baseline profile #92 (techraf)
- use new docker images #91 (rndmh3ro)
- use centos 7 in vagrant, limit ssh conns #88 (rndmh3ro)
- remove support for ansible 1.9 #87 (rndmh3ro)
- make ChallengeResponseAuthentication configurable #85 (rndmh3ro)
- List only one Port in ssh config #84 (fullyint)
- Fix ssh config to handle custom options per Host #83 (fullyint)
Fixed bugs:
- SELinux-specific task still runs on SELinux-disabled systems #74
Closed issues:
Merged pull requests:
- remove duplicate section #105 (rndmh3ro)
- Fix ssh_server_ports and ssh_client_ports documentation bug #80 (kivilahtio)
3.2.0 (2016-10-24)
Implemented enhancements:
- CentOS 7 selinux dependencies #76
- install selinux dependencies, check for already installed semodule #79 (rndmh3ro)
- Parameterise Banner and DebianBanner as defaults #77 (tsenart)
Fixed bugs:
- Some tasks are always run even if they are not needed #78
- Selinux issue #75
- Running the tests locally #61
Closed issues:
- Applied-Crypto-Hardening project and new cyphers. #28
3.1.0 (2016-08-03)
Implemented enhancements:
- use new ciphers, kex, macs and privilege separation for redhat family 7 or later #72
3.1 (2016-08-03)
Implemented enhancements:
- Add Xenial / Ubuntu 16.04 LTS to meta/main.yml #63
- Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 #73 (atomic111)
- add docker support #71 (rndmh3ro)
- add always_run: true to task. fix #64 #69 (rndmh3ro)
- Debian8 #68 (rndmh3ro)
- Fixed KexAlgorithms Conditional Statement #66 (cjsheets)
- Moves vars to defaults #60 (conorsch)
Fixed bugs:
- semodule ssh_password error on AWS Centos 7 #64
Closed issues:
- ssh_server_ports a bit misleading in the vars section? #62
- sftp_enabled: false will break Ansible's template module #55
- Move cipher/kex/mac vars to defaults #53
Merged pull requests:
3.0.0 (2016-03-13)
Implemented enhancements:
- Added sftp_enabled, sftp_chroot_dir, and ssh_client_roaming from the … #57 (shirokatze)
- add test support for ansible 1.9 and 2.0 #56 (rndmh3ro)
- update platforms in meta-file #52 (rndmh3ro)
- add webhook for ansible galaxy #51 (rndmh3ro)
- Disable experimental client roaming. #49 (rndmh3ro)
- use inspec as test framework #48 (chris-rock)
- Change categories to tags for upcoming ansible 2.0 #47 (rndmh3ro)
- add changelog generator #46 (chris-rock)
Closed issues:
Merged pull requests:
2.0.0 (2015-11-28)
Closed issues:
- Fix directory structure. #43
Merged pull requests:
- New dir layout. Fix #43 #44 (rndmh3ro)
- Add var to travis job #42 (rndmh3ro)
- sftp_enable option #41 (fitz123)
1.2.1 (2015-10-16)
Merged pull requests:
1.2 (2015-09-28)
1.2.0 (2015-09-28)
Merged pull requests:
- bugfix. Now option true for PrintLastLog is available again #39 (fitz123)
- Add more travis-tests #38 (rndmh3ro)
- Support for selinux and pam. fix #23 #35 (rndmh3ro)
1.1 (2015-09-01)
1.1.0 (2015-09-01)
Closed issues:
- ssh_ports - individual client/server config #33
- UsePAM should probably default to yes on Red Hat Linux 7 #23
Merged pull requests:
- Change variable for hmac from server to client #37 (rndmh3ro)
- Update kitchen-ansible, remove separate debian install #36 (rndmh3ro)
- Separate ssh client and server ports. Fix #33 #34 (rndmh3ro)
- update common kitchen.yml platforms (ansible), kitchen_debian.yml platforms (ansible) #32 (chris-rock)
- Make MaxAuthTries configurable #31 (rndmh3ro)
- Change oneliner if-statements to be more readable #30 (rndmh3ro)
- Make ssh client password login configurable. #29 (ypid)
- Fix join-filter, jinja-cases, intendation #27 (rndmh3ro)
- Short role review. Fixed role when ssh_client_weak_kex == true. #26 (ypid)
- Make it configurable to only harden ssh client/server or both (default). #25 (ypid)
- Separate system-vars from editable vars #24 (rndmh3ro)
- Add correct CONTRIB-file #22 (rndmh3ro)
- Add Ansible Galaxy badge #21 (rndmh3ro)
- fix configuration of playbook path #20 (chris-rock)
- Debian install script #19 (rndmh3ro)
1.0.0 (2015-04-30)
Implemented enhancements:
Closed issues:
Merged pull requests:
- add self as author #18 (chris-rock)
- add badges #17 (chris-rock)
- fix meta.yml #16 (chris-rock)
- add more information to changelog #15 (chris-rock)
- Add meta-information for Ansible Galaxy #14 (rndmh3ro)
- Update CHANGELOG.md #13 (rndmh3ro)
- Add handler to restart ssh only if necessary. Fix #6 #11 (rndmh3ro)
- add more descriptions #10 (chris-rock)
- add travis config for ansible #9 (chris-rock)
- update .kitchen.yml to find playbook role in tests #8 (chris-rock)
- Oracle support #5 (rndmh3ro)
- Remove custom Vagrantfile-reference. Fix #2 #4 (rndmh3ro)
- Remove custom Vagrantfile-reference. Fix #2 #3 (rndmh3ro)
- Fix missing gem #1 (chris-rock)
* This Changelog was automatically generated by github_changelog_generator