4.4.0 (2017-12-29)
Implemented enhancements:
- Changes in selinux section to avoid confusion and some inconsistencies #127
- Issue #137: Fix sshd_config's "Match Group sftponly" #138 (kekumu)
- allow configuration of GatewayPorts #136 (pwyliu)
- Added support for AuthorizedKeysFile config setting #132 (hyrsky)
- corrected comments explaining the task's behaviour #131 (martinbydefault)
- Add Two-Factor Authentication #123 (lazzurs)
Fixed bugs:
Closed issues:
- coreos support? #142
- UseLogin is deprecated on CentOS 7 #140
- sftp Match Group settings overriding global sshd_config settings #137
- get openssh-version fails on FreeBSD (with ansible 2.4.0.0) #133
Merged pull requests:
- Remove deprecated UseLogin option #141 (syhe)
- Macs kex ciphers #139 (rndmh3ro)
- force /bin/sh when getting openssh-version #134 (gtz42)
4.3.1 (2017-08-14)
Implemented enhancements:
- Remove duplicate ssh_use_dns #130 (MagnusEnger)
Fixed bugs:
- System completely unresponsive after role execution #126
Closed issues:
- role creates duplicate parameter/values after run #124
4.3.0 (2017-08-03)
Implemented enhancements:
- Fix ansible.cfg settings #122 (fazlearefin)
- Finish 94 #116 (rndmh3ro)
Merged pull requests:
- Don't overwrite ssh_host_key_files if set manually #125 (oakey-b1)
- Add comment filter to {{ansible_managed}} string #121 (fazlearefin)
4.1.3 (2017-06-30)
4.2.0 (2017-06-30)
Implemented enhancements:
- Add support to specify a list of revoked public keys #120 (bachp)
- use package instead of yum so the operation works on Fedora #119 (stenwt)
Fixed bugs:
- fails in --check mode #111
Merged pull requests:
4.1.2 (2017-05-31)
Implemented enhancements:
Fixed bugs:
- User login failed after running this module #114
Closed issues:
- Update readme to include baselines #110
4.1.1 (2017-05-18)
Implemented enhancements:
Fixed bugs:
4.1.0 (2017-05-09)
Implemented enhancements:
- Provide option to allow password server login #106
- Deprecation warning always_run #82
- Added support for UseDNS config switch #109 (ftaeger)
- Added support for UseDNS config switch #108 (ftaeger)
Fixed bugs:
create ssh\_config and set permissions to root/644
step repeated #104
Merged pull requests:
- Added support for PermitTunnel config switch #112 (fti7)
- Adds option to enable password based authentication on the server #107 (colin-nolan)
4.0.0 (2017-04-22)
Implemented enhancements:
- Avoid small primes for DH and allow rebuild of DH primes #89
- Accommodate missing plugins in kitchen_vagrant_block.rb #100 (fullyint)
- Use different Hostkeys according to installed ssh version #99 (rndmh3ro)
- Remove small dh primes #97 (rndmh3ro)
- Add Ed25519 SSH host key to match commit 28b4df3 in ssh-baseline #96 (techraf)
- Add support for FreeBSD OpenSSH server and client #95 (jbenden)
- Replace deprecated always_run with check_mode #93 (jbenden)
- Defaults: Remove DSA from SSH host keys to match ssh-baseline profile #92 (techraf)
- use new docker images #91 (rndmh3ro)
- use centos 7 in vagrant, limit ssh conns #88 (rndmh3ro)
- remove support for ansible 1.9 #87 (rndmh3ro)
- make ChallengeResponseAuthentication configurable #85 (rndmh3ro)
- List only one Port in ssh config #84 (fullyint)
- Fix ssh config to handle custom options per Host #83 (fullyint)
Fixed bugs:
- SELinux-specific task still runs on SELinux-disabled systems #74
- List only one Port in ssh config #84 (fullyint)
- Fix ssh config to handle custom options per Host #83 (fullyint)
Closed issues:
Merged pull requests:
- remove duplicate section #105 (rndmh3ro)
- Fix ssh_server_ports and ssh_client_ports documentation bug #80 (kivilahtio)
3.2.0 (2016-10-24)
Implemented enhancements:
- CentOS 7 selinux dependencies #76
- install selinux dependencies, check for already installed semodule #79 (rndmh3ro)
- Parameterise Banner and DebianBanner as defaults #77 (tsenart)
Fixed bugs:
- Some tasks are always run even if they are not needed #78
- Selinux issue #75
- Running the tests locally #61
Closed issues:
- Applied-Crypto-Hardening project and new cyphers. #28
3.1.0 (2016-08-03)
Implemented enhancements:
- use new ciphers, kex, macs and privilege separation for redhat family 7 or later #72
3.1 (2016-08-03)
Implemented enhancements:
- Add Xenial / Ubuntu 16.04 LTS to meta/main.yml #63
- Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 #73 (atomic111)
- add docker support #71 (rndmh3ro)
- add always_run: true to task. fix #64 #69 (rndmh3ro)
- Debian8 #68 (rndmh3ro)
- Fixed KexAlgorithms Conditional Statement #66 (cjsheets)
- Moves vars to defaults #60 (conorsch)
Fixed bugs:
- semodule ssh_password error on AWS Centos 7 #64
Closed issues:
ssh\_server\_ports
a bit misleading in the vars section? #62- sftp_enabled: false will break Ansible's template module #55
- Move cipher/kex/mac vars to defaults #53
Merged pull requests:
3.0.0 (2016-03-13)
Implemented enhancements:
- Added sftp_enabled, sftp_chroot_dir, and ssh_client_roaming from the … #57 (shirokatze)
- add test support for ansible 1.9 and 2.0 #56 (rndmh3ro)
- update platforms in meta-file #52 (rndmh3ro)
- add webhook for ansible galaxy #51 (rndmh3ro)
- Disable experimental client roaming. #49 (rndmh3ro)
- use inspec as test framework #48 (chris-rock)
- Change categories to tags for upcoming ansible 2.0 #47 (rndmh3ro)
- add changelog generator #46 (chris-rock)
Closed issues:
Merged pull requests:
2.0.0 (2015-11-28)
Closed issues:
- Fix directory structure. #43
Merged pull requests:
- New dir layout. Fix #43 #44 (rndmh3ro)
- Add var to travis job #42 (rndmh3ro)
- sftp_enable option #41 (fitz123)
1.2.1 (2015-10-16)
Merged pull requests:
1.2 (2015-09-28)
1.2.0 (2015-09-28)
Merged pull requests:
- bugfix. Now option true for PrintLastLog is available again #39 (fitz123)
- Add more travis-tests #38 (rndmh3ro)
- Support for selinux and pam. fix #23 #35 (rndmh3ro)
1.1 (2015-09-01)
1.1.0 (2015-09-01)
Closed issues:
- ssh_ports - individual client/server config #33
- UsePAM should probably default to yes on Red Hat Linux 7 #23
Merged pull requests:
- Change variable for hmac from server to client #37 (rndmh3ro)
- Update kitchen-ansible, remove separate debian install #36 (rndmh3ro)
- Separate ssh client and server ports. Fix #33 #34 (rndmh3ro)
- update common kitchen.yml platforms (ansible), kitchen_debian.yml platforms (ansible) #32 (chris-rock)
- Make MaxAuthTries configurable #31 (rndmh3ro)
- Change oneliner if-statements to be more readable #30 (rndmh3ro)
- Make ssh client password login configurable. #29 (ypid)
- Fix join-filter, jinja-cases, intendation #27 (rndmh3ro)
- Short role review. Fixed role when ssh_client_weak_kex == true. #26 (ypid)
- Make it configurable to only harden ssh client/server or both (default). #25 (ypid)
- Separate system-vars from editable vars #24 (rndmh3ro)
- Add correct CONTRIB-file #22 (rndmh3ro)
- Add Ansible Galaxy badge #21 (rndmh3ro)
- fix configuration of playbook path #20 (chris-rock)
- Debian install script #19 (rndmh3ro)
1.0.0 (2015-04-30)
Implemented enhancements:
Closed issues:
Merged pull requests:
- add self as author #18 (chris-rock)
- add badges #17 (chris-rock)
- fix meta.yml #16 (chris-rock)
- add more information to changelog #15 (chris-rock)
- Add meta-information for Ansible Galaxy #14 (rndmh3ro)
- Update CHANGELOG.md #13 (rndmh3ro)
- Add handler to restart ssh only if necessary. Fix #6 #11 (rndmh3ro)
- add more descriptions #10 (chris-rock)
- add travis config for ansible #9 (chris-rock)
- update .kitchen.yml to find playbook role in tests #8 (chris-rock)
- Oracle support #5 (rndmh3ro)
- Remove custom Vagrantfile-reference. Fix #2 #4 (rndmh3ro)
- Remove custom Vagrantfile-reference. Fix #2 #3 (rndmh3ro)
- Fix missing gem #1 (chris-rock)
* This Change Log was automatically generated by github_changelog_generator