A module to configure SSH according to the Mozilla hardening guidelines

petems-mozilla_ssh_hardening

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with mozilla_ssh_hardening
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

Configures OpenSSH with Mozilla hardening recommendations.

Module Description

This is a module to use an existing

It's basically my standard way of configuring and hardening SSH servers for my requirements, and is part of the base profile I configure on all my machines.

Setup

What mozilla_ssh_hardening affects

  • All the standard stuff you expect from an sshd configuration: the config file, daemon, package and such
  • Ciphers, MACs and key exchange algorithms are configured to the Mozilla settings

Setup Requirements

This module requires the saz/ssh module

Beginning with mozilla_ssh_hardening

The most basic configuration is simply:

include ::mozilla_ssh_hardening::server

There will be parameters to configure further settings as I do more research on SSH options.
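
One way to confirm that a node ended up with the Ciphers, MACs and key exchange settings listed under "What mozilla_ssh_hardening affects" is to audit the effective sshd configuration. The script below is an added example, not code from this module. Its allowlists are the "modern" lists from the Mozilla OpenSSH guidelines rather than values read from this module's templates, and the sample input and file names are constructed.

```ruby
# Added example: audit effective sshd settings against the Mozilla "modern" lists.
# Assumption: allowlists are the Mozilla OpenSSH guideline values, not this module's templates.
MOZILLA_MODERN = {
  'kexalgorithms' => %w[
    curve25519-sha256@libssh.org ecdh-sha2-nistp521 ecdh-sha2-nistp384
    ecdh-sha2-nistp256 diffie-hellman-group-exchange-sha256
  ],
  'ciphers' => %w[
    chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com
    aes256-ctr aes192-ctr aes128-ctr
  ],
  'macs' => %w[
    hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
    umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256 umac-128@openssh.com
  ]
}.freeze

# Parse "keyword value" lines (the `sshd -T` format; also works on sshd_config).
# Keywords are case-insensitive, so they are normalised to lowercase.
def parse_effective_config(text)
  text.each_line.with_object({}) do |line, cfg|
    key, value = line.strip.split(/\s+/, 2)
    next if key.nil? || key.start_with?('#') || !MOZILLA_MODERN.key?(key.downcase)
    cfg[key.downcase] = value.to_s.split(',').map(&:strip).reject(&:empty?)
  end
end

# Returns { keyword => [algorithms outside the allowlist] }.
# A keyword absent from the input is reported as '<not set>', because sshd
# would then use its built-in defaults instead of the hardened list.
def audit(text)
  cfg = parse_effective_config(text)
  MOZILLA_MODERN.each_with_object({}) do |(key, allowed), findings|
    extra = cfg[key].nil? ? ['<not set>'] : cfg[key] - allowed
    findings[key] = extra unless extra.empty?
  end
end

# Constructed sample of `sshd -T` output with two legacy algorithms left enabled.
SAMPLE = <<~OUT
  port 22
  ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
  macs hmac-sha2-512-etm@openssh.com,hmac-sha1
  kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
OUT

if __FILE__ == $PROGRAM_NAME
  input = ARGV[0] ? File.read(ARGV[0]) : SAMPLE
  audit(input).each { |k, v| puts "#{k}: outside Mozilla modern list: #{v.join(', ')}" }
end
```

To check a real host, save the output of `sshd -T` (run as root) to a file and pass that file's path as the first argument; with no argument the script audits the constructed sample.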

Usage

Put the classes, types, and resources for customizing, configuring, and doing the fancy stuff with your module here.

Reference

Here, list the classes, types, providers, facts, etc contained in your module. This section should include all of the under-the-hood workings of your module so people know what the module is touching on their system but don't need to mess with things. (We are working on automating this section!)

Limitations

Right now this is only extensively tested on the machines that I manage, which is mainly:

  • Ubuntu 16.04
  • CentOS 7
  • CentOS 6

Other operating systems may work; if there are issues, pull requests are welcome!

Right now it's only set up to configure the server part of the setup, but I'm looking to extend it to support the client in the future as well.

Development

If you'd like other features or anything else, check out the contributing guidelines in CONTRIBUTING.md.