Stéphane Lesimple
4ef9c6ddde
feat: add --egress-session-multiplexing option to accountModify
2024-09-17 11:19:49 +02:00
Stéphane Lesimple
f4de5957a3
feat: add groupSetServers
2024-08-12 13:42:51 +02:00
Stéphane Lesimple
3d2cf21e0b
release v3.16.99-rc1
2024-07-03 18:31:59 +02:00
Stéphane Lesimple
cccbdc09f3
chg: Debian12, Ubuntu20+: enable sntrup KEX by default
2024-07-02 16:08:46 +02:00
Stéphane Lesimple
914d8b30b4
chg: remove support for EOL CentOS 7
2024-07-02 16:08:46 +02:00
Stéphane Lesimple
47b51c79ee
feat: accountFreeze: terminate running sessions if any
2024-06-27 17:03:07 +02:00
Stéphane Lesimple
3c9382a192
enh: use print_accepted_key_algorithms everywhere
2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
d0ac9eabb9
Implement Ingress Secure Keys
2024-04-10 10:51:01 +02:00
Cody Robertson
f51bee273e
Adjust etc/pam.d/sshd.rhel configuration
...
- Fix logic error breaking MFA handling if enabled
2024-04-08 16:31:14 +02:00
Stéphane Lesimple
7423f6ad63
feat: add dnsSupportLevel option for systems with broken DNS (fixes #397)
2024-03-20 11:53:00 +01:00
Stéphane Lesimple
f022bd9ac8
feat: add ttyrecStealthStdoutPattern config
...
Commands that generate a lot of stdout output and are M2M workflows, such as rsync,
can now be excluded from ttyrec to avoid filling up drives
2024-02-20 12:13:53 +01:00
Stéphane Lesimple
fd6850c7ef
fix: osh-sync-watcher: default to a valid rshcmd (fixes #433)
2024-02-20 12:13:43 +01:00
Stéphane Lesimple
b48463076f
feat: osh.pl: jit mfa for plugins
2023-11-08 13:21:20 +01:00
Stéphane Lesimple
708efd90ca
chore: add RockyLinux 9 support
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
455fd8b8c3
chore: remove deprecated UseRoaming option from ssh_config
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
4cdd52d85f
chore: add Debian 12 to tests
...
Note that Debian 12 is not released yet, so it's not yet supported.
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
49dc104dd7
chore: push sandbox and tester images from Deb10 to Deb11
...
Also remove old config files from previously dropped OS versions
2023-04-07 10:44:05 +02:00
Stéphane Lesimple
036f921c40
feat: add accountFreeze/accountUnfreeze
2022-12-30 17:53:08 +01:00
Stéphane Lesimple
7fafeb3e1d
doc: osh-encrypt-rsync.conf: add verbose
2022-07-05 18:04:19 +02:00
Stéphane Lesimple
73b6a625f5
feat: add support and tests for Ubuntu 22.04 LTS
2022-07-04 11:06:34 +02:00
Stéphane Lesimple
ee776707c1
chore: standardize doc generation for config files
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
a7462c0ac7
enh: use snake_case for system scripts json config files
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
e71aa7b975
feat: add osh-cleanup-guest-key-access.pl script
...
This script removes system-level access to group keys to old guests
of groups that no longer have any active access to servers of that group.
This only happens when the last access to be removed from them had a TTL.
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
f43fdaaf82
enh: osh-lingering-sessions-reaper: make it configurable
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
2c2064a484
feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
86c7bf39e6
remove compress-old-logs script, as osh-encrypt-rsync will do the job instead
2022-02-09 14:31:33 +01:00
Stéphane Lesimple
9d371f90a9
doc: add documentation for osh-remove-empty-folders
2022-01-19 11:23:44 +01:00
Stéphane Lesimple
7bb0843de1
feat: add osh-remove-empty-folders.sh
2022-01-19 11:23:44 +01:00
Stéphane Lesimple
415bc9b903
doc: add more info about root 2FA in sshd_config templates
2021-12-21 14:44:48 +01:00
Stéphane Lesimple
a68ccb3f8c
feat: add new OSes and deprecate old ones
...
add:
- Debian 11
- RockyLinux 8
remove:
- OpenSUSE Leap 15.2
- Old minor versions of CentOS 7.x
- Old minor versions of CentOS 8.x
2021-12-21 12:00:04 +01:00
Stéphane Lesimple
aaaa173764
feat: add the accountUnlock restricted plugin
2021-12-21 09:42:54 +01:00
Stéphane Lesimple
89ecb2c0d7
feat: add support for Duo PAM auth as MFA (#249)
2021-11-03 15:50:10 +01:00
Christophe Crochet
d85298f229
new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required
2021-10-15 11:22:00 +02:00
madx
ea8ed97a34
new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both
2021-10-15 11:22:00 +02:00
Jean "henyxia" Wasilewski
b40a2fd6e3
fix: add superowner group requirement
...
Signed-off-by: Jean "henyxia" Wasilewski <henyxia@revs0.com>
2021-09-24 11:56:35 +02:00
Stéphane Lesimple
b58388a3d9
feat: add --proactive-mfa and mfa/nofa interactive commands
...
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to work around problems
in commands such as ``clush`` or ``batch``, and interactive mode.
2021-09-21 12:06:40 +02:00
Stéphane Lesimple
99686499b1
feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209)
2021-09-20 17:00:18 +02:00
Stéphane Lesimple
710eb2e4cb
doc: use autosectionlabel
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
92d4a46ac5
doc: add osh-piv-grace-reaper.pl config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
9f28dfa977
doc: add osh-backup-acl-keys.sh config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
3c6ce52e8e
doc: add osh-encrypt-rsync.pl config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
0dc448943a
doc: add osh-sync-watcher.sh config reference
2021-09-02 10:06:47 +02:00
Stéphane Lesimple
a08f56df9f
feat: support pam_faillock for Debian 11 (#163)
2021-07-05 10:35:58 +02:00
Stéphane Lesimple
d3f323d0c6
doc: micro fixes
2021-07-02 16:50:53 +02:00
Stéphane Lesimple
458c50eff1
documentation: add a lot of new documentation topics
2021-06-30 15:52:47 +02:00
Stéphane Lesimple
2193ee487d
enh: replace 'allowUTF8' (introduced in rc1) by 'fanciness'
2021-06-30 09:53:04 +02:00
Stéphane Lesimple
2e9fe9288b
enh: httpproxy: add options to fine-tune logging
...
Added the `log_request_response` and `log_request_response_max_size`
options to osh-http-proxy.conf.
By default, requests are logged, including their body, up to a size
of 64K per request response. Before, there was no size limit to the
logged body response.
2021-06-03 16:39:56 +02:00
Stéphane Lesimple
3925e67d43
feat: add groupDestroy command for owners
...
This command deletes a group, as `groupDelete` does, but works
for owners so that they can delete their own group.
`groupDelete` remains as a restricted command, able to delete any group.
Closes #40.
2021-06-02 15:32:40 +02:00
Stéphane Lesimple
adb9d8c374
feat: add UTF-8 chars to output when supported and allowed
...
To enhance the readability and visibility of important messages
(such as critical ones). This can be disabled with the `allowUTF8`
global option set to `false`. It's never enabled if the user locale
or their terminal don't seem to support it.
2021-05-24 16:44:35 +02:00
Stéphane Lesimple
003052530e
feat: preparatory work to support Debian 11 "Bullseye"
...
We still need to replace pam_tally2 by pam_faillock
Debian 11 is NOT yet supported, and won't be before it's released as stable.
2021-03-24 17:41:29 +01:00