This repository has been archived by the owner on Dec 26, 2020. It is now read-only.
ansible-ssh-hardening 4.0.0
4.0.0 (2017-04-22)
Breaking Changes:
- remove support for ansible 1.9 #87 (rndmh3ro)
  - Ansible 1.9 is not supported anymore
- Change the ssh_client_ports list variable into a simple non-list variable named ssh_client_port. #84 (fullyint)
  - Before:

        {% for port in ssh_client_ports -%}
        Port {{port}}
        {% endfor %}

  - After:

        Port {{ ssh_client_port }}

- Fix ssh config to handle custom options per Host #83 (fullyint)
  - Before:

        # one or more hosts, to which ssh-client can connect to. Default is empty, but should be configured for security reasons!
        ssh_remote_hosts: [] # ssh

  - After:

        # Hosts with custom options. # ssh
        # Example:
        # ssh_remote_hosts:
        #   - names: ['example.com', 'example2.com']
        #     options: ['Port 2222', 'ForwardAgent yes']
        #   - names: ['example3.com']
        #     options: ['StrictHostKeyChecking no']
        ssh_remote_hosts: []

Implemented enhancements:
- Use different Hostkeys according to installed ssh version #99 (rndmh3ro)
- Remove small dh primes #97 (rndmh3ro)
- Add Ed25519 SSH host key to match ssh-baseline #96 (techraf)
- Add support for FreeBSD OpenSSH server and client #95 (jbenden)
- Defaults: Remove DSA from SSH host keys to match ssh-baseline profile #92 (techraf)
- make ChallengeResponseAuthentication configurable #85 (rndmh3ro)
Fixed bugs:
- SELinux-specific task still runs on SELinux-disabled systems #74
- List only one Port in ssh config #84 (fullyint)
- Fix ssh config to handle custom options per Host #83 (fullyint)
Closed issues:
Merged pull requests:
- remove duplicate section #105 (rndmh3ro)
- Fix ssh_server_ports and ssh_client_ports documentation bug #80 (kivilahtio)
Other improvements: