v2.1.0

v2.1.0 (2017-04-19)

Full Changelog

Implemented enhancements:

• Suse support missing in metadata #170

Merged pull requests:

• Add Support for Extra Configuration Options #173 (bdwyertech)
• Authorized keys custom path #172 (lubomir-kacalek)
• Add suse to the supported list in metadata #171 (artem-sidorenko)
• Removal of apt/yum cookbooks from tests #169 (artem-sidorenko)

chef-ssh-hardening 2.0.0

v2.0.0 (2017-02-06)

Full Changelog

Implemented enhancements:

• Send and Accept locale environment variables #167 (mikemoate)
• Use different algorithms depending on the ssh version #166 (artem-sidorenko)
• Avoid small primes for DH and allow rebuild of DH primes #163 (artem-sidorenko)
• Removal of DSA key from defaults #161 (artem-sidorenko)
• Allow log level configuration of sshd #159 (artem-sidorenko)
• Switch UsePAM default to yes #157 (artem-sidorenko)
• Split the attribues to the client and server areas #150 (artem-sidorenko)
• Attribute namespace ['ssh-hardening'] added #144 (artem-sidorenko)
• Add node attributes to override KEX, MAC and cipher values #141 (bazbremner)

Fixed bugs:

• IPv6 is not working still if its enabled #140

Closed issues:

• Verify the current crypto settings #162
• Possibly missing locale handling #160
• Error message about DSA key on RHEL 7 #158
• Attributes should be in the own namespace ssh-hardening #142
• Move entire crypto parameter configuration in tests to the centralized place #137
• Move UsePrivilegeSeparation.get to the new library #136
• Release 2.0.0 #133
• configure log level #117
• UsePAM should probably default to yes on Red Hat Linux 7 #96
• refactor library kex and cipher implementation #87
• prohibit use of weak dh moduli #65
• Harmonize API #53
• SSH rootkey configuration is too open #16

Merged pull requests:

• Add oracle bento boxes to vagrant testing #168 (artem-sidorenko)
• Project data for changelog generator #164 (artem-sidorenko)
• Improve the docs on the attribute overriding #156 (artem-sidorenko)
• Tests for GH-131 and GH-132 #155 (artem-sidorenko)
• Update attribute documentation in README #154 (artem-sidorenko)
• Fix the broken master #153 (artem-sidorenko)
• Fixing the broken links in docs #152 (artem-sidorenko)
• Some tests for attributes of last merged PRs #151 (artem-sidorenko)
• Get rid of chefspec/fauxhai warnings in the unit tests #149 (artem-sidorenko)
• Bugfix: sshd listens on IPv6 interface if enabled #148 (artem-sidorenko)
• Update and cleanup of Gemfile #147 (artem-sidorenko)
• Cleanup of some unmaintained docs/files #146 (artem-sidorenko)
• Removal of deprecated attributes #145 (artem-sidorenko)
• Removal of deprecated authorized_keys handling #143 (artem-sidorenko)
• Refactoring of library to simplify the kex/cipher handling #134 (artem-sidorenko)

chef-ssh-hardening 1.3.0

v1.3.0 (2016-11-15)

Full Changelog

Implemented enhancements:

• Support for OpenSuse Leap, new enterprise distro of SUSE #128 (artem-sidorenko)
• Avoid duplicate resource names because of warnings #127 (artem-sidorenko)

Closed issues:

• Allow to configure ChallengeResponseAuthentication (currently it's hardcoded to no) #125
• Make LoginGraceTime configurable #116
• Allow to configure MaxAuthTries #100

Merged pull requests:

• Distro information for supermarket #138 (artem-sidorenko)
• Allow login grace time to be configurable #132 (artem-sidorenko)
• Allow to configure ChallengeResponseAuthentication #131 (artem-sidorenko)
• Configurable SSH Banner File #130 (sidxz)
• Update kitchen vagrant configuration #129 (artem-sidorenko)
• Parameterise Banner and DebianBanner as attributes #126 (tsenart)
• Update Rubocop, Foodcritic, and Chefspec coverage #124 (shortdudey123)

chef-ssh-hardening 1.2.1

v1.2.1 (2016-09-25)

Full Changelog

Implemented enhancements:

• add suse and opensuse support #122 (chris-rock)
• activate fedora integration tests in travis #120 (chris-rock)

Merged pull requests:

• Fix deprecation warnings #123 (operatingops)
• Use bracket syntax in attributes/default.rb #121 (aried3r)
• Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 #119 (atomic111)
• change hardening-io to dev-sec domain for build status and code coverage #118 (atomic111)

chef-ssh-hardening 1.2.0

v1.2.0 (2016-05-29)

Full Changelog

Implemented enhancements:

• add changelog generator #104 (chris-rock)

Closed issues:

• SFTP not configurable #110
• default to 'UseRoaming no' #109
• Consider using blank config_disclaimer by default #94

Merged pull requests:

• Document MaxAuthTries and MaxSessions added in 66e7ebf #115 (bazbremner)
• Use new InSpec integration tests #114 (atomic111)
• Add conditional to cover systemd in Ubuntu 15.04+ #112 (elijah)
• Feature/sftp #111 (jmara)
• Disable experimental client roaming #108 (ascendantlogic)
• Made MaxAuthTries and MaxSessions configurable #107 (runningman84)
• added inspec support (kitchen.yml and Gemfile) #106 (atomic111)
• Apply PasswordAuthentication attribute to SSH #105 (SteveLowe)
• Configurable PasswordAuthentication #102 (sumit-goel)
• x11 forwarding should be configurable like tcp and agent forwarding #99 (patcon)
• Correct recipe names in the README #98 (michaelklishin)
• update common kitchen.yml platforms #97 (chris-rock)
• fixes #94 #95 (chris-rock)
• remove old slack notification #92 (chris-rock)
• update common Gemfile for chef11+12 #91 (arlimus)
• common files: centos7 + rubocop #90 (arlimus)
• improve metadata description #88 (chris-rock)

chef-ssh-hardening 1.1.0

Release 1.1.0

• feature: UsePrivilegeSeparation = sandbox for ssh >= 5.9
• feature: Debian 8 support
• feature: UseDNS configuration option
• feature: allow/deny users/groups configuration options
• feature: MOTD configuration option
• bugfix: adjust travis to work with chef12/ruby2

The new version is available in Chef Supermarket. More information about this project is available at Hardening Framework website.