This repository was archived by the owner on Dec 26, 2020. It is now read-only.

ansible-ssh-hardening 8.0.0

@rndmh3ro rndmh3ro released this 05 May 19:49
· 127 commits to master since this release
63ddfd8

8.0.0 (2020-04-21)


Breaking Changes:

  • We removed the 2fa configuration, as it does not belong in this role (#269)
  • ssh_google_auth and ssh_pam_device are gone and replaced by sshd_authenticationmethods (#245)
  • ssh_allow_tcp_forwarding is no longer a bool but a string, because it accepts values other than yes/no (#257)

Implemented enhancements:

  • Remove dependency on bash #265
  • Possibility to use other value than yes/no for AllowTCPforwarding #255
  • Add support for Debian Buster in ansible-ssh-hardening #248
  • Some options not configurable via the role #239
  • PermitUserEnvironment should not be conflated with AcceptEnv #232
  • Disable also dynamic MOTD via PAM if enabled - refs #271 #273 (ancoron)
  • Use sha2 HMACs on RHEL 6 / CentOS 6. #270 (foonix)
  • Removing 2fa #269 (dennisse)
  • Renaming Ansible variables discovered from systems #268 (PovilasGT)
  • Do not use bash to get ssh version #266 (kljensen)
  • Add 'all', 'local', 'yes', 'no' options support for AllowTcpForwarding variable #257 (brnck)
  • Support KEX for OpenSSH 8.0+ & quantum resistant KEX #254 (lunarthegrey)
  • SFTP: set default umask to 0027 #252 (Slamdunk)
  • Separate PermitUserEnvironment from AcceptEnv #251 (szEvEz)
  • Feature: Debian 10 (Buster) support #249 (jaredledvina)
  • fix broken packages, extend README with further development instructions #246 (szEvEz)
  • refactor authenticationmethod settings, allow user to set authenticat… #245 (szEvEz)
  • RHEL/OL/CentOS 8 support #242 (Furragen)
  • Added ssh_syslog_facility, ssh_log_level and ssh_strict_modes parameters #240 (bschonec)
  • set UsePAM to yes by default #233 (rndmh3ro)

Fixed bugs:

  • HostKey comment "# Req 20" breaks key based auth #262
  • SSH fails to start/connect if custom server ports is set on CentOS 7.6 #212
  • Google 2fa authentication problem #170
  • vars: remove empty main.yml file #274 (paulfantom)
  • Only manage moduli when hardening server #267 (jbronn)
  • Remove comment from sshd config HostKey param #263 (abtreece)