aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config/CentOS_normal.erb
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2008-09-26 17:34:09 -0400
committerMicah Anderson <micah@riseup.net>2008-09-26 17:44:16 -0400
commit06163fbb920bf7f8dbb7ae2018e1f861003ed9ce (patch)
treec299cb9d7ce8cb2e9b55ed659e69c85fd6b1615a /templates/sshd_config/CentOS_normal.erb
parent9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 (diff)
downloadpuppet-sshd-06163fbb920bf7f8dbb7ae2018e1f861003ed9ce.tar.gz
puppet-sshd-06163fbb920bf7f8dbb7ae2018e1f861003ed9ce.tar.bz2
added sshd_rhosts_rsa_authentication variable, default set to no
added sshd_hostbased_authentication variable, default set to no
Diffstat (limited to 'templates/sshd_config/CentOS_normal.erb')
-rw-r--r--templates/sshd_config/CentOS_normal.erb14
1 files changed, 12 insertions, 2 deletions
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index e2b4005..0dbe4e6 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -64,9 +64,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
+<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+RhostsRSAAuthentication yes
+<%- else %>
+RhostsRSAAuthentication no
+<% end -%>
+
# similar for protocol version 2
-#HostbasedAuthentication no
+<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+HostbasedAuthentication yes
+<%- else %>
+HostbasedAuthentication no
+<% end -%>
+
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no