This repository has been archived by the owner on Dec 26, 2020. It is now read-only.
OpenBSD Support #171
Merged
OpenBSD Support #171
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rndmh3ro
suggested changes
Jun 15, 2018
README.md
Outdated
| @@ -36,7 +36,10 @@ Warning: This role disables root-login on the target server! Please make sure yo | |||
| |`ssh_allow_tcp_forwarding` | false | false to disable TCP Forwarding. Set to true to allow TCP Forwarding.| | |||
| |`ssh_gateway_ports` | `false` | `false` to disable binding forwarded ports to non-loopback addresses. Set to `true` to force binding on wildcard address. Set to `clientspecified` to allow the client to specify which address to bind to.| | |||
| |`ssh_allow_agent_forwarding` | false | false to disable Agent Forwarding. Set to true to allow Agent Forwarding.| | |||
| |`ssh_pam` | true | true if SSH has PAM support.| | |||
There was a problem hiding this comment.
Can you call these ssh_pam_support? Same for kerberos and gssapi.
README.md
Outdated
| @@ -52,6 +55,7 @@ Warning: This role disables root-login on the target server! Please make sure yo | |||
| |`sftp_chroot` | true | false to disable chroot for sftp| | |||
| |`sftp_chroot_dir` | /home/%u | change default sftp chroot location| | |||
| |`ssh_client_roaming` | false | enable experimental client roaming| | |||
| |`sshd_moduli` | '/etc/ssh/moduli' | path to the SSH moduli file | | |||
There was a problem hiding this comment.
Shouldn't it be sshd_moduli_file, as it's not a directory?
Edit: I changed it to sshd_moduli_file in 179287b; let me know if I need to change it.
vars/Debian.yml
Outdated
| @@ -1,3 +1 @@ | |||
| sshd_service_name: ssh | |||
| ssh_owner: root | |||
There was a problem hiding this comment.
I'm not really happy with this change.
Before this, there was only one place for every OS, where the owner and group were defined - the vars-file.
Now for some OS the owner is in the defaults and group is in vars.
I'd rather have these on the same place and since this cannot be the defaults, it should be vars.
|
Thanks! :) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for OpenBSD. Along the way, new variables were added to support the platform. In particular:
ssh_pam_support,ssh_gssapi_support, andssh_kerberos_support: The configuration file settings (e.g.,GSSAPIAuthentication) are invalid on the platform because the original OpenSSH does not include PAM, GSSAPI, or Kerberos support.sshd_moduli_file: OpenBSD uses/etc/moduliinstead of/etc/ssh/moduliLike FreeBSD (#95), there are no Docker-based tests for this kernel but I'm open to ideas.