v2.9.0 (2019-11-21)
Merged pull requests:
- CentOS 8: proper selinux package naming #223 (artem-sidorenko)
- CI: enable testing on centos-8 #222 (artem-sidorenko)
- Allow to specify an alternate AuthorizedKeysFile inside the Match block #214 (dud225)
v2.8.0 (2019-07-17)
Merged pull requests:
- Support of custom match configuration blocks #221 (artem-sidorenko)
- Enable CI testing of Debian 10 #220 (artem-sidorenko)
- Updating supported fedora versions and include Fedora 30 #219 (artem-sidorenko)
- Removal of Ubuntu 14.04 because of EOL #218 (artem-sidorenko)
- Switching testing to chef 14&15 #217 (artem-sidorenko)
- Tests: update of gems #213 (artem-sidorenko)
- Tests: try to use SoloRunner instead of ServerRunner #212 (artem-sidorenko)
v2.7.0 (2018-11-21)
Merged pull requests:
- permit_tunnel attribute - allow tun device forwarding #211 (bobchaos)
- Update the CI settings #207 (artem-sidorenko)
- Update issue templates #206 (rndmh3ro)
v2.6.0 (2018-10-19)
Closed issues:
- Removal of deprecated options #202
Merged pull requests:
- Update of badges in README #205 (artem-sidorenko)
- Removal of deprecated options for newer openssh versions #203 (artem-sidorenko)
v2.5.0 (2018-10-10)
Closed issues:
- Change log level for SFTP Subsystem #199
Merged pull requests:
- CI fix: pin cucumber 3 #201 (artem-sidorenko)
- Add attribute for sftp subsystem logging #200 (rediculum)
v2.4.0 (2018-08-01)
Closed issues:
- Errors on Ubuntu 18.04 #195
Merged pull requests:
- Avoid some deprecated options for OpenSSH >=7.6 #198 (artem-sidorenko)
- Update of tests and supported distros and chef versions #197 (artem-sidorenko)
- Update of CI and test environment #196 (artem-sidorenko)
- Make ForwardAgent configurable for Client Configuration #193 (kabakakao)
- minor update to the template #192 (crashdummymch)
- amazonlinux support #188 (chris-rock)
v2.3.1 (2018-02-13)
Merged pull requests:
v2.3.0 (2017-12-19)
Closed issues:
Merged pull requests:
- remove ripemd from MAC list #186 (atomic111)
- Allow password authentication for sftp #184 (avanier)
- Fix Extra Configuration #183 (bdwyertech)
v2.2.1 (2017-08-22)
Closed issues:
- The cookbooks fails on Amazon Linux. #180
Merged pull requests:
- Fix to Issue #180. Cookbook fails on Amazon Linux #181 (jonasduarte)
v2.2.0 (2017-06-18)
Closed issues:
Merged pull requests:
- Running rubocop in the 2.1 mode #179 (artem-sidorenko)
- CI: update to ruby 2.4.1 and gem update #178 (artem-sidorenko)
- CI, Harmonization of tests, Testing of Chef 13 and Chef 12 #176 (artem-sidorenko)
- CI: removal of EOL distros from testing and support #175 (artem-sidorenko)
v2.1.0 (2017-04-19)
Implemented enhancements:
- Suse support missing in metadata #170
Merged pull requests:
- Add Support for Extra Configuration Options #173 (bdwyertech)
- Authorized keys custom path #172 (lubomir-kacalek)
- Add suse to the supported list in metadata #171 (artem-sidorenko)
- Removal of apt/yum cookbooks from tests #169 (artem-sidorenko)
v2.0.0 (2017-02-06)
Implemented enhancements:
- Send and Accept locale environment variables #167 (mikemoate)
- Removal of DSA key from defaults #161 (artem-sidorenko)
- Allow log level configuration of sshd #159 (artem-sidorenko)
- Split the attributes to the client and server areas #150 (artem-sidorenko)
- Attribute namespace ['ssh-hardening'] added #144 (artem-sidorenko)
- Add node attributes to override KEX, MAC and cipher values #141 (bazbremner)
- Use different algorithms depending on the ssh version #166 (artem-sidorenko)
- Avoid small primes for DH and allow rebuild of DH primes #163 (artem-sidorenko)
- Switch UsePAM default to yes #157 (artem-sidorenko)
Fixed bugs:
- IPv6 is not working still if its enabled #140
Closed issues:
- Possibly missing locale handling #160
- Verify the current crypto settings #162
- Error message about DSA key on RHEL 7 #158
- Attributes should be in the own namespace ssh-hardening #142
- Move entire crypto parameter configuration in tests to the centralized place #137
- Move UsePrivilegeSeparation.get to the new library #136
- Release 2.0.0 #133
- configure log level #117
- UsePAM should probably default to yes on Red Hat Linux 7 #96
- refactor library kex and cipher implementation #87
- prohibit use of weak dh moduli #65
- Harmonize API #53
- SSH rootkey configuration is too open #16
Merged pull requests:
- Add oracle bento boxes to vagrant testing #168 (artem-sidorenko)
- Project data for changelog generator #164 (artem-sidorenko)
- Improve the docs on the attribute overriding #156 (artem-sidorenko)
- Tests for GH-131 and GH-132 #155 (artem-sidorenko)
- Update attribute documentation in README #154 (artem-sidorenko)
- Fix the broken master #153 (artem-sidorenko)
- Fixing the broken links in docs #152 (artem-sidorenko)
- Some tests for attributes of last merged PRs #151 (artem-sidorenko)
- Get rid of chefspec/fauxhai warnings in the unit tests #149 (artem-sidorenko)
- Bugfix: sshd listens on IPv6 interface if enabled #148 (artem-sidorenko)
- Update and cleanup of Gemfile #147 (artem-sidorenko)
- Cleanup of some unmaintained docs/files #146 (artem-sidorenko)
- Removal of deprecated attributes #145 (artem-sidorenko)
- Removal of deprecated authorized_keys handling #143 (artem-sidorenko)
- Refactoring of library to simplify the kex/cipher handling #134 (artem-sidorenko)
v1.3.0 (2016-11-23)
Implemented enhancements:
- Support for OpenSuse Leap, new enterprise distro of SUSE #128 (artem-sidorenko)
- Avoid duplicate resource names because of warnings #127 (artem-sidorenko)
Closed issues:
- Allow to configure ChallengeResponseAuthentication (currently it's hardcoded to no) #125
- Make LoginGraceTime configurable #116
- Allow to configure MaxAuthTries #100
Merged pull requests:
- Fixing metadata as supermarket API expects a float #139 (artem-sidorenko)
- Distro information for supermarket #138 (artem-sidorenko)
- Allow login grace time to be configurable #132 (artem-sidorenko)
- Allow to configure ChallengeResponseAuthentication #131 (artem-sidorenko)
- Configurable SSH Banner File #130 (sidxz)
- Update kitchen vagrant configuration #129 (artem-sidorenko)
- Parameterise Banner and DebianBanner as attributes #126 (tsenart)
- Update Rubocop, Foodcritic, and Chefspec coverage #124 (shortdudey123)
v1.2.1 (2016-09-25)
Implemented enhancements:
- add suse and opensuse support #122 (chris-rock)
- activate fedora integration tests in travis #120 (chris-rock)
Merged pull requests:
- Fix deprecation warnings #123 (operatingops)
- Use bracket syntax in attributes/default.rb #121 (aried3r)
- Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 #119 (atomic111)
- change hardening-io to dev-sec domain for build status and code coverage #118 (atomic111)
v1.2.0 (2016-05-29)
Implemented enhancements:
- add changelog generator #104 (chris-rock)
Closed issues:
- SFTP not configurable #110
- default to 'UseRoaming no' #109
- Consider using blank config_disclaimer by default #94
Merged pull requests:
- Document MaxAuthTries and MaxSessions added in 66e7ebfd #115 (bazbremner)
- Use new InSpec integration tests #114 (atomic111)
- Add conditional to cover systemd in Ubuntu 15.04+ #112 (elijah)
- Feature/sftp #111 (jmara)
- Disable experimental client roaming #108 (ascendantlogic)
- Made MaxAuthTries and MaxSessions configurable #107 (runningman84)
- added inspec support (kitchen.yml and Gemfile) #106 (atomic111)
- Apply PasswordAuthentication attribute to SSH #105 (SteveLowe)
- Configurable PasswordAuthentication #102 (sumitgoelpw)
- x11 forwarding should be configurable like tcp and agent forwarding #99 (patcon)
- Correct recipe names in the README #98 (michaelklishin)
- update common kitchen.yml platforms #97 (chris-rock)
- fixes #94 #95 (chris-rock)
- remove old slack notification #92 (chris-rock)
- update common Gemfile for chef11+12 #91 (arlimus)
- common files: centos7 + rubocop #90 (arlimus)
- improve metadata description #88 (chris-rock)
v1.1.0 (2015-04-28)
Closed issues:
- Use new "UseDNS" openssh default #81
- UseDNS no #79
- Debian 8.0 (Jessie) ships with OpenSSH 6.7p1, enable modern algos #77
- Allow management of allow/deny users #75
- update tutorial.md #55
Merged pull requests:
- add Debian 8 to local test-kitchen #84 (chris-rock)
- Modern alogs for Jessie #83 (Rockstar04)
- Update README and use OpenSSH defaults for UseDNS #82 (aried3r)
- Make UseDNS configurable #80 (aried3r)
- update common readme badges #78 (arlimus)
- Allow deny users to be managed from attributes #76 (Rockstar04)
- fix typo in opensshdconf.erb, remove trailing whitespace #74 (zachallett)
- bugfix: adjust travis to work with chef12/ruby2 #73 (arlimus)
- add privilege separation via sandbox mode for ssh >= 5.9 #72 (arlimus)
- Adding attributes to enable printing the MOTD. #71 (dmerrick)
v1.0.3 (2015-01-14)
Closed issues:
- Suggestion: Don't populate /root/.ssh/authorized_keys by default #69
- prefer etm MACs #66
- disable sha1-based key exchanges #64
Merged pull requests:
v1.0.2 (2015-01-12)
Closed issues:
- release on supermarket #62
- host_key_files should not include ssh_host_ecdsa_key on every host #61
- Protocol 1 options while SSH 2 is hard coded #57
- Configuration of root keys via databag and attributes #37
- Bad ciphers on debian 7.0 #25
- update ssh service on changes #24
Merged pull requests:
- add back GCM cipher #67 (arlimus)
- updating common files #63 (arlimus)
- update to rubocop 0.27, exclude Berksfile #60 (bkw)
- updating common files #59 (arlimus)
- remove options that only apply to SSH protocol version 1 #58 (arlimus)
- bring back support for chef-solo #56 (bkw)
- add coverage dir to gitignore, add chefignore #54 (bkw)
- Deprecate managing authorized_keys for root via data bag #52 (bkw)
- Add slack notifications #51 (bkw)
- make users data bag optional #50 (bkw)
- allow cbc, hmac and kex to be configured individually for client and server. #49 (bkw)
- supply proper links for the badges #48 (bkw)
- update travis builds to ruby 2.1.3 #47 (bkw)
- add gymnasium badge for dependencies #46 (bkw)
- update to chefspec 4.1.1 #45 (bkw)
- Add badges #44 (bkw)
- Add chef spec #43 (bkw)
- Update rubocop #42 (bkw)
- fix filenames in comments #41 (bkw)
- updating common files #40 (arlimus)
- Chef Spec Tests #39 (chris-rock)
- improvement: switch to site location in berkshelf #38 (chris-rock)
- Lint #36 (chris-rock)
- minor change to make md table in COMPLIANCE.md work #35 (jklare)
- added info on crypto to readme #34 (arlimus)
- improvement: added faq on locked accounts to readme #33 (arlimus)
- updated kitchen images to current batch (mysql-equivalent) #32 (arlimus)
- add recipe to unlock user accounts #31 (arlimus)
- add pam option to readme #30 (chris-rock)
- fixes #24 #29 (chris-rock)
- fix end keyword #28 (arlimus)
- Debian6fix #27 (arlimus)
- update kitchen tests for vagrant #26 (arlimus)
- update rubocop, add default rake task. fix errors with default task #23 (ehaselwanter)
- update with common run_all_linters task #22 (ehaselwanter)
- adapt to new tests #21 (chris-rock)
- add openstack kitchen gem #20 (chris-rock)
- rename package name attribute from ssl* to ssh* #19 (bkw)
- passwordless users not able to log in #18 (bkw)
- add utf8 header and use ruby 1.9 hash syntax #17 (chris-rock)
- add Berksfile.lock Gemfile.lock to ignore list and remove it from tree #15 (ehaselwanter)
- Typo in username of ssh connection #14 (sirkkalap)
- streamline .rubocop config #13 (ehaselwanter)
- use the role from the integration test suite, not distinct recipes #12 (ehaselwanter)
- fix rubocop violations #11 (ehaselwanter)
- fix foodcritic violations #10 (ehaselwanter)
- made TCP and Agent Forwarding configurable #9 (atomic111)
- be more forgiving and relax rubocop #8 (ehaselwanter)
- add lint and spec infrastructure #7 (ehaselwanter)
- integrate sharedtests #6 (ehaselwanter)
- remove aes-gcm algos from Ciphers, because of http://www.openssh.com/txt/gcmrekey.adv #5 (atomic111)
- fix really old copy-n-paste error in readme #4 (arlimus)
- Contributing guide #3 (arlimus)
- added all kitchen test for ssh_config + sshd_config and added TUTORIAL.md #2 (atomic111)
- add license and improve styling #1 (chris-rock)
* This Changelog was automatically generated by github_changelog_generator