Hey everyone,
we also released a new version of ansible-ssh-hardening: version 8.0.0!
Many fixes and features here, too. But also some breaking changes, so
heads up!

Breaking Changes:
- We removed configuring 2fa, as it does not belong in this role (#269)
- ssh_google_auth and ssh_pam_device are gone and replaced by sshd_authenticationmethods (#245)
- ssh_allow_tcp_forwarding is no longer a bool but a string, because it accepts values other than yes/no (#257)

Implemented enhancements:
- Remove dependency on bash #265
- Possibility to use other value than yes/no for AllowTCPforwarding #255
- Add support for Debian Buster in ansible-ssh-hardening #248
- Some options not configurable via the role #239
- PermitUserEnvironment should not be conflated with AcceptEnv #232
- Disable also dynamic MOTD via PAM if enabled - refs #271 #273 (ancoron)
- Use sha2 HMACs on RHEL 6 / CentOS 6. #270 (foonix)
- Removing 2fa #269 (dennisse)
- Renaming Ansible variables discovered from systems #268 (PovilasGT)
- Do not use bash to get ssh version #266 (kljensen)
- Add 'all', 'local', 'yes', 'no' options support for AllowTcpForwarding variable #257 (brnck)
- Support KEX for OpenSSH 8.0+ & quantum resistant KEX #254 (lunarthegrey)
- SFTP: set default umask to 0027 #252 (Slamdunk)
- Separate PermitUserEnvironment from AcceptEnv #251 (szEvEz)
- Feature: Debian 10 (Buster) support #249 (jaredledvina)
- fix broken packages, extend README with further development instructions #246 (szEvEz)
- refactor authenticationmethod settings, allow user to set authenticat… #245 (szEvEz)
- RHEL/OL/CentOS 8 support #242 (Furragen)
- Added ssh_syslog_facility, ssh_log_level and ssh_strict_modes parameters #240 (bschonec)
- set UsePAM to yes by default #233 (rndmh3ro)

Fixed bugs:
- HostKey comment "# Req 20" breaks key based auth #262
- SSH fails to start/connect if custom server ports is set on CentOS 7.6 #212
- Google 2fa authentication problem #170
- vars: remove empty main.yml file #274 (paulfantom)
- Only manage moduli when hardening server #267 (jbronn)
- Remove comment from sshd config HostKey param #263 (abtreece)

GitHub: https://github.com/dev-sec/ansible-ssh-hardening/releases/tag/8.0.0
Galaxy: https://galaxy.ansible.com/dev-sec/ssh-hardening

We are looking forward to getting your feedback via our mailing list (https://dev-sec.io/community/).
Feel free to follow us on Twitter (https://twitter.com/devsecio) to stay updated.
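
A pre-upgrade check for the breaking changes listed above, as an added example that is not part of the original announcement or the dev-sec project's code. It scans the text of a vars file for the removed variables and for an unquoted boolean-like ssh_allow_tcp_forwarding value; the function names and the sample file are constructed for illustration.

```python
import re

# Variables the 8.0.0 notes list as removed (#245, #269).
REMOVED = {"ssh_google_auth", "ssh_pam_device"}
REPLACEMENT = "sshd_authenticationmethods"
# Unquoted scalars (and their case variants) that Ansible's YAML loader
# resolves to booleans instead of strings.
YAML_BOOL = re.compile(r"^(yes|no|true|false|on|off)$", re.IGNORECASE)
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*?)\s*$")


def strip_comment(value):
    """Drop a trailing ' # comment' from an unquoted scalar."""
    if value[:1] in ("'", '"'):
        return value
    return re.split(r"\s+#", value, maxsplit=1)[0]


def check_vars(text):
    """Return (line_no, variable, message) findings for one vars file."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        m = ASSIGN.match(line)
        if not m:
            continue
        name, value = m.group(1), strip_comment(m.group(2))
        if name in REMOVED:
            findings.append((no, name, f"removed in 8.0.0; see {REPLACEMENT}"))
        elif name == "ssh_allow_tcp_forwarding" and YAML_BOOL.match(value):
            findings.append((no, name, f"{value} loads as a boolean; quote it as a string"))
    return findings


# Constructed sample of a pre-8.0.0 group_vars file (values are illustrative).
SAMPLE = """\
# ssh hardening settings
ssh_google_auth: true
ssh_pam_device: false
ssh_allow_tcp_forwarding: no  # unquoted
ssh_log_level: 'VERBOSE'
"""

if __name__ == "__main__":
    for no, name, msg in check_vars(SAMPLE):
        print(f"line {no}: {name}: {msg}")
```

Quoted values such as 'no' or 'local' pass the check, since they already load as strings.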