Comments (17)
@Raskil would you mind sending a PR for this?
from puppet-module-ssh.
Are you getting your values from a stock install of Solaris 11.1 ?
from puppet-module-ssh.
I will look into it and send a PR. The values are from a preinstalled Solaris 11.1 from Oracle.
from puppet-module-ssh.
Question ist how to imnplement it. I see that you are using $::kernelrelease to dertermine Solaris Version. Should I implement a substructure in 5.11 or should we switch to another fact that is more suitable for minor version comparison?
Unfortuantly I do not have Solaris 9 and 10 boxes at hand, to compare suitable facts.
from puppet-module-ssh.
@Raskil
I can test any required changes on Solaris 9 and 10. Please let me know what to test?
from puppet-module-ssh.
Solaris 11 defaults: See the following sections from the man pages.
XAuthLocation
Specifies the location of the xauth(1) program. The
default is /usr/X11/bin/xauth and sshd attempts to open
it when X11 forwarding is enabled.
Subsystem
......
#sftp subsystem
Subsystem sftp internal-sftp -u 002
By default, no subsystems are defined. This option
applies to protocol version 2 only.
However, the initial installed sshd_config file only has =
Subsystem sftp internal-sftp
from puppet-module-ssh.
kernelrelease
should work if this applies to all of Solaris 11. Are these changes specific to 11.1 or are they the same on 11.0 ?
from puppet-module-ssh.
@ghoneycutt
I don't know, I don't have Solaris 11.0 boxes.
from puppet-module-ssh.
@nalyanyam Do you have Solaris 11.0 Systems? Could you check if there is any difference between standard sshd_config on Solaris 11.0 and Solaris 11.1?
from puppet-module-ssh.
@Raskil
Checked and sshd_config is basically the same between Solaris 11.0 and Solaris 11.1. I have no access to Solaris 11.2 at the moment, but it is likely that the main configurations would still be the same. Solaris/Oracle tries to maintain backward compatibility as much as possible. So i think in this case kernelrelease should work.
from puppet-module-ssh.
For SunOS nyo1d2z1 5.11 11.3 sun4v sparc sun4v, I had to remove all of the dependencies from init.pp except network/ssh. The other services did not exist on my box.
Solaris 10 worked out of the box.
Only 'network/ssh', and Solaris 11.3 works, otherwise I get an error:
Error: /Stage[main]/Ssh/Package[network/ssh/ssh-key]/ensure: change from absent to present failed: Unable to update
[root@nyprhcm1 manifests]# diff init.pp /var/tmp/init.pp
210c210,212
< $default_packages = ['network/ssh']
---
> $default_packages = ['network/ssh',
> 'network/ssh/ssh-key',
> 'service/network/ssh']
from puppet-module-ssh.
@quadgrande
On Solaris 11.1 the 3 packages are needed for server, client and key management utilities:
pkg info network/ssh
Name: network/ssh
Summary: Secure Shell (SSH) protocol client and associated utilities
Name: service/network/ssh
Summary: Secure Shell protocol server
pkg info network/ssh/ssh-key
Name: network/ssh/ssh-key
Summary: Secure Shell protocol key management utilities
I do not have access to Solaris 11.2 and 11.3 at the moment.
Could you please check what packages are associated with the ssh client, or the key management utilities? If all packages are now combined into one, then we need to make a new PR to fix this and differentiate based on kernelversion.
from puppet-module-ssh.
@Raskil Can we try to fix this default for sshd_config_xauth_location ?
The default (according to man pages) is actually /usr/X11/bin/xauth , but it's a symbolic link to /usr/bin/xauth
The current value in the module = /usr/openwin/bin/xauth is also a symbolic link to /usr/bin/xauth
So we could just update to match what is written in the man pages.
from puppet-module-ssh.
I will create a PR to update sshd_config_xauth_location and sshd_config_subsystem_sftp defaults
from puppet-module-ssh.
11.3 is fairly new (we patched in April), but it appears to have a different package set for supporting SSH.
OS and kernel version
11.2 - 0.175.2.2.0.4.2
# pkg list | grep ssh
network/ssh 0.5.11-0.175.2.2.0.2.2 i--
network/ssh/ssh-key 0.5.11-0.175.2.2.0.2.2 i--
service/network/ssh 0.5.11-0.175.2.2.0.2.2 i--
SunOS 5.11 11.2 sun4v sparc sun4v
11.3 - 0.175.3.1.0.3.0.2160.5
-# pkg list | grep ssh
network/ssh 0.5.11-0.175.3.1.0.3.0 i--
network/ssh/ssh-utilities 0.5.11-0.175.3.0.0.30.0 i--
service/network/ssh-common 0.5.11-0.175.3.0.0.30.0 i--
SunOS 5.11 11.3 sun4v sparc sun4v
from puppet-module-ssh.
@nalyanyam We fixed the Solaris default values using hiera. Sorais changes atot of stuff in minor relases so its hard to keep track of it,
from puppet-module-ssh.
Cleaning out old issues. If you are still interested in this, please send a pull request.
from puppet-module-ssh.
Related Issues (20)
- Module dependencies out of date HOT 4
- Add support for Ubuntu 22.04 LTS HOT 10
- config_mode not documented in version 4 of UPGRADING.md HOT 1
- V4 - ChallengeResponseAuthentication has wrong (new) variable name. HOT 2
- Feature request: Allow multiple instances of sshd HOT 1
- Add hiera support for Oracle Linux 8 HOT 4
- ssh_key_import not included in v4 HOT 6
- where is the hiera_merge feature in new version? HOT 1
- V4: wrong IdentityFile line in ssh_config HOT 1
- New $Custom Option examples HOT 1
- UsePAM value always yes HOT 2
- Add Ubuntu 22.04 support HOT 1
- notify Service['sshd_service'] when file resource in config_file_server class changes
- Move Include to top of sshd_config.erb
- no longer gathers ssh keys? HOT 2
- Error: Evaluation Error: Class[Ssh::Server]: parameter 'port' expects a value of type Undef or Array, got Integer HOT 1
- Ubuntu 22.04 Port changing HOT 1
- identityfile doesn't work right.
- UseRoaming client parameter does not respect the $use_roaming parameter
- re-integrate Ubuntu 18.04 support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-module-ssh.