Skip to content

Latest commit

 

History

History
328 lines (218 loc) · 22.6 KB

CHANGELOG.md

File metadata and controls

328 lines (218 loc) · 22.6 KB

Change Log

4.4.0 (2017-12-29)

Full Changelog

Implemented enhancements:

  • Changes in selinux section to avoid confusion and some inconsistencies #127
  • Issue #137: Fix sshd_config's "Match Group sftponly" #138 (kekumu)
  • allow configuration of GatewayPorts #136 (pwyliu)
  • Added support for AuthorizedKeysFile config setting #132 (hyrsky)
  • corrected comments explaining the task's behaviour #131 (martinbydefault)
  • Add Two-Factor Authentication #123 (lazzurs)

Fixed bugs:

  • ssh_use_dns used twice in defaults/main.yml #129
  • line 56: Bad SSH2 mac spec #135

Closed issues:

  • coreos support? #142
  • UseLogin is deprecated on CentOS 7 #140
  • sftp Match Group settings overriding global sshd_config settings #137
  • get openssh-version fails on FreeBSD (with ansible 2.4.0.0) #133

Merged pull requests:

4.3.1 (2017-08-14)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • System completely unresponsive after role execution #126

Closed issues:

  • role creates duplicate parameter/values after run #124

4.3.0 (2017-08-03)

Full Changelog

Implemented enhancements:

Merged pull requests:

  • Don't overwrite ssh_host_key_files if set manually #125 (oakey-b1)
  • Add comment filter to {{ansible_managed}} string #121 (fazlearefin)

4.1.3 (2017-06-30)

Full Changelog

4.2.0 (2017-06-30)

Full Changelog

Implemented enhancements:

  • Add support to specify a list of revoked public keys #120 (bachp)
  • use package instead of yum so the operation works on Fedora #119 (stenwt)

Fixed bugs:

  • fails in --check mode #111

Merged pull requests:

  • Do not use shell when not needed + Lint whitespaces #118 (krhubert)

4.1.2 (2017-05-31)

Full Changelog

Implemented enhancements:

  • added check_mode: no to "get openssh-version" task, so it won't fail … #117 (wschaft)

Fixed bugs:

  • User login failed after running this module #114

Closed issues:

  • Update readme to include baselines #110

4.1.1 (2017-05-18)

Full Changelog

Implemented enhancements:

Fixed bugs:

4.1.0 (2017-05-09)

Full Changelog

Implemented enhancements:

  • Provide option to allow password server login #106
  • Deprecation warning always_run #82
  • Added support for UseDNS config switch #109 (ftaeger)
  • Added support for UseDNS config switch #108 (ftaeger)

Fixed bugs:

  • create ssh\_config and set permissions to root/644 step repeated #104

Merged pull requests:

  • Added support for PermitTunnel config switch #112 (fti7)
  • Adds option to enable password based authentication on the server #107 (colin-nolan)

4.0.0 (2017-04-22)

Full Changelog

Implemented enhancements:

  • Avoid small primes for DH and allow rebuild of DH primes #89
  • Accommodate missing plugins in kitchen_vagrant_block.rb #100 (fullyint)
  • Use different Hostkeys according to installed ssh version #99 (rndmh3ro)
  • Remove small dh primes #97 (rndmh3ro)
  • Add Ed25519 SSH host key to match commit 28b4df3 in ssh-baseline #96 (techraf)
  • Add support for FreeBSD OpenSSH server and client #95 (jbenden)
  • Replace deprecated always_run with check_mode #93 (jbenden)
  • Defaults: Remove DSA from SSH host keys to match ssh-baseline profile #92 (techraf)
  • use new docker images #91 (rndmh3ro)
  • use centos 7 in vagrant, limit ssh conns #88 (rndmh3ro)
  • remove support for ansible 1.9 #87 (rndmh3ro)
  • make ChallengeResponseAuthentication configurable #85 (rndmh3ro)
  • List only one Port in ssh config #84 (fullyint)
  • Fix ssh config to handle custom options per Host #83 (fullyint)

Fixed bugs:

  • SELinux-specific task still runs on SELinux-disabled systems #74
  • List only one Port in ssh config #84 (fullyint)
  • Fix ssh config to handle custom options per Host #83 (fullyint)

Closed issues:

  • Should compression be opt-in? #90
  • The role fails when conditionally included #86

Merged pull requests:

3.2.0 (2016-10-24)

Full Changelog

Implemented enhancements:

  • CentOS 7 selinux dependencies #76
  • install selinux dependencies, check for already installed semodule #79 (rndmh3ro)
  • Parameterise Banner and DebianBanner as defaults #77 (tsenart)

Fixed bugs:

  • Some tasks are always run even if they are not needed #78
  • Selinux issue #75
  • Running the tests locally #61

Closed issues:

  • Applied-Crypto-Hardening project and new cyphers. #28

3.1.0 (2016-08-03)

Full Changelog

Implemented enhancements:

  • use new ciphers, kex, macs and privilege separation for redhat family 7 or later #72

3.1 (2016-08-03)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • semodule ssh_password error on AWS Centos 7 #64

Closed issues:

  • ssh\_server\_ports a bit misleading in the vars section? #62
  • sftp_enabled: false will break Ansible's template module #55
  • Move cipher/kex/mac vars to defaults #53

Merged pull requests:

3.0.0 (2016-03-13)

Full Changelog

Implemented enhancements:

Closed issues:

  • Install from ansible galaxy missing files (tasks) #50
  • should generate new ssh host key files #45

Merged pull requests:

2.0.0 (2015-11-28)

Full Changelog

Closed issues:

  • Fix directory structure. #43

Merged pull requests:

1.2.1 (2015-10-16)

Full Changelog

Merged pull requests:

1.2 (2015-09-28)

Full Changelog

1.2.0 (2015-09-28)

Full Changelog

Merged pull requests:

  • bugfix. Now option true for PrintLastLog is available again #39 (fitz123)
  • Add more travis-tests #38 (rndmh3ro)
  • Support for selinux and pam. fix #23 #35 (rndmh3ro)

1.1 (2015-09-01)

Full Changelog

1.1.0 (2015-09-01)

Full Changelog

Closed issues:

  • ssh_ports - individual client/server config #33
  • UsePAM should probably default to yes on Red Hat Linux 7 #23

Merged pull requests:

  • Change variable for hmac from server to client #37 (rndmh3ro)
  • Update kitchen-ansible, remove separate debian install #36 (rndmh3ro)
  • Separate ssh client and server ports. Fix #33 #34 (rndmh3ro)
  • update common kitchen.yml platforms (ansible), kitchen_debian.yml platforms (ansible) #32 (chris-rock)
  • Make MaxAuthTries configurable #31 (rndmh3ro)
  • Change oneliner if-statements to be more readable #30 (rndmh3ro)
  • Make ssh client password login configurable. #29 (ypid)
  • Fix join-filter, jinja-cases, intendation #27 (rndmh3ro)
  • Short role review. Fixed role when ssh_client_weak_kex == true. #26 (ypid)
  • Make it configurable to only harden ssh client/server or both (default). #25 (ypid)
  • Separate system-vars from editable vars #24 (rndmh3ro)
  • Add correct CONTRIB-file #22 (rndmh3ro)
  • Add Ansible Galaxy badge #21 (rndmh3ro)
  • fix configuration of playbook path #20 (chris-rock)
  • Debian install script #19 (rndmh3ro)

1.0.0 (2015-04-30)

Implemented enhancements:

Closed issues:

  • add travis test for ubuntu 12.04 #7
  • Use handler for sshd restart #6
  • Running test-kitchen fails #2

Merged pull requests:

* This Change Log was automatically generated by github_changelog_generator