Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
56,349 Commits 28 Branches 143 Tags 630 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
Alex Vandiver aaf3eb514d puppet: Allow controlling known_hosts. 
Note that this uses `ssh-keyscan` to write in the currently-observed
host fingerprint; if DNS or network is untrusted during initial puppet
apply, this can allow attackers to write their own host key, obviating
the utility of known_hosts.

We do not view this as a likely attack mechanism, since in our
deployment the network and DNS is almost certainly trusted, and if
not, the timing attack to catch only initial configuration is likely
impossible.
 2024-02-06 11:34:09 -08:00
Alex Vandiver 795621771f puppet: Pull authorized_keys from AWS secretsmanager. 2024-01-31 16:41:04 -08:00
Alex Vandiver ff00c01538 bootstrap-aws-installer: Pull all keys from secretsmanager. 2024-01-31 16:41:04 -08:00
Alex Vandiver 65d2e855a0 puppet: Switch removal of MOTD directories for .hushlogin. 
Rather than have to keep resolving apt conflicts with the lack of
`/etc/update-motd.d`, have each user disable the motds with a
`.hushlogin` file.
 2024-01-31 16:41:04 -08:00
Alex Vandiver 1bddf41731 puppet: Factor out creation of basic user dotfiles. 2024-01-31 16:41:04 -08:00