From ef5f7c47c5b9fb3bbb18b9ec523953c0f63445a0 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Fri, 27 Apr 2018 12:13:00 -0400 Subject: [PATCH] testnode: Create sshd config and set package vars for Bionic Packages missing in Bionic that were in Xenial: - libapache2-mod-fastcgi - libboost-thread1.58.0 - libcrypto++9v5 Signed-off-by: David Galloway --- .../templates/ssh/sshd_config_ubuntu_18 | 91 +++++++++++++++++++ roles/testnode/vars/ubuntu_18.yml | 15 +++ 2 files changed, 106 insertions(+) create mode 100644 roles/testnode/templates/ssh/sshd_config_ubuntu_18 create mode 100644 roles/testnode/vars/ubuntu_18.yml diff --git a/roles/testnode/templates/ssh/sshd_config_ubuntu_18 b/roles/testnode/templates/ssh/sshd_config_ubuntu_18 new file mode 100644 index 0000000..6e48757 --- /dev/null +++ b/roles/testnode/templates/ssh/sshd_config_ubuntu_18 @@ -0,0 +1,91 @@ +# {{ ansible_managed }} +# Package generated configuration file +# See the sshd_config(5) manpage for details + +# What ports, IPs and protocols we listen for +Port 22 +# Use these options to restrict which interfaces/protocols sshd will bind to +#ListenAddress :: +#ListenAddress 0.0.0.0 +Protocol 2 +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key +#Privilege Separation is turned on for security +UsePrivilegeSeparation yes + +# Lifetime and size of ephemeral version 1 server key +KeyRegenerationInterval 3600 +ServerKeyBits 1024 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# Authentication: +LoginGraceTime 120 +PermitRootLogin without-password +StrictModes yes + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# Don't read the user's ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Change to no to disable tunnelled clear text passwords +#PasswordAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosGetAFSToken no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +X11Forwarding yes +X11DisplayOffset 10 +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +Subsystem sftp /usr/lib/openssh/sftp-server + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +MaxSessions 1000 diff --git a/roles/testnode/vars/ubuntu_18.yml b/roles/testnode/vars/ubuntu_18.yml new file mode 100644 index 0000000..aaa1b93 --- /dev/null +++ b/roles/testnode/vars/ubuntu_18.yml @@ -0,0 +1,15 @@ +--- +packages: + - mpich + - qemu-system-x86 +# - blkin + - lttng-tools + # for building xfstests #18067 + - libtool-bin + +non_aarch64_packages: + - libgoogle-perftools4 + - iozone3 + - libssl1.0.0 + +non_aarch64_packages_to_upgrade: [] -- 2.39.5