authorMicah Anderson <micah@riseup.net>2008-09-26 17:10:33 -0400
committerMicah Anderson <micah@riseup.net>2008-09-26 17:10:33 -0400
commit6f5a865b583b1cc2c51484ce03f88be52e2c5b8d (patch)
tree6cf437b9fe0b0e4998903506e5f18ef924ea1cd1
parent51c18b6b8f71a925e3c94b459dbc257f2466c453 (diff)
downloadpuppet-sshd-6f5a865b583b1cc2c51484ce03f88be52e2c5b8d.tar.gz
puppet-sshd-6f5a865b583b1cc2c51484ce03f88be52e2c5b8d.tar.bz2
add sshd_pubkey_authentication variable, with the default set to yes
-rw-r--r--manifests/init.pp8
-rw-r--r--templates/sshd_config/CentOS_normal.erb6
-rw-r--r--templates/sshd_config/Debian_normal.erb5
-rw-r--r--templates/sshd_config/Gentoo_normal.erb6
-rw-r--r--templates/sshd_config/OpenBSD_normal.erb7
5 files changed, 29 insertions, 3 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 029ab95..413c46a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -51,6 +51,10 @@
# sshd_agent_forwarding: If you want to allow ssh-agent forwarding
# Valid Values: yes or no
# Default: no
+#
+# sshd_pubkey_authentication: If you want to enable public key authentication
+# Valid Values: yes or no
+# Default: yes
class sshd {
include sshd::client
@@ -97,6 +101,10 @@ class sshd::base {
'' => 'no',
default => $sshd_challenge_response_authentication
}
+ $real_sshd_pubkey_authentication = $sshd_pubkey_authentication ? {
+ '' => 'no',
+ default => $sshd_pubkey_authentication
+ }
file { 'sshd_config':
path => '/etc/ssh/sshd_config',
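Review bot: The empty-string branch of the new selector, `'' => 'no',`, makes an unset `$sshd_pubkey_authentication` resolve to `no`, which contradicts the `Default: yes` documented in the header comment this commit adds and the commit title. Once the template reads this value, a node that never sets the variable would get `PubkeyAuthentication no`, disabling key-based logins and leaving only the other methods the template allows; the Debian template previously had `PubkeyAuthentication yes` unconditionally, so this is a behaviour change there. The branch should read `'' => 'yes',`. The body of `sshd::base` continues outside this hunk.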
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index a053001..b0bea46 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -45,7 +45,11 @@ PermitRootLogin without-password
#MaxAuthTries 6
#RSAAuthentication yes
-#PubkeyAuthentication yes
+<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
+PubkeyAuthentication yes
+<%- else %>
+PubkeyAuthentication no
+<%- end %>
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
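Review bot: The condition tests `real_sshd_sshd_pubkey_authentication`, with `sshd_` doubled, but the manifest hunk in this commit defines `$real_sshd_pubkey_authentication`, so the template reads a variable that nothing visible sets. Depending on how the Puppet version in use resolves unknown template variables, this presumably either fails catalog compilation or always takes the `else` branch and writes `PubkeyAuthentication no`, regardless of what the operator configured. The line should be `<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>`. The same misspelling appears in the Debian, Gentoo and OpenBSD template hunks.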
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index a1d7a45..d105ecc 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -35,7 +35,12 @@ PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
+<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
PubkeyAuthentication yes
+<%- else %>
+PubkeyAuthentication no
+<%- end %>
+
#AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used
diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index 5605f14..3538754 100644
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -48,7 +48,11 @@ PermitRootLogin without-password
#MaxAuthTries 6
#RSAAuthentication yes
-#PubkeyAuthentication yes
+<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
+PubkeyAuthentication yes
+<%- else %>
+PubkeyAuthentication no
+<%- end %>
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index 954b420..bee3548 100644
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -41,7 +41,12 @@ PermitRootLogin without-password
#MaxAuthTries 6
#RSAAuthentication yes
-#PubkeyAuthentication yes
+<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
+PubkeyAuthentication yes
+<%- else %>
+PubkeyAuthentication no
+<%- end %>
+
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts