add sshd_ignore_rhosts option, default set to yes

author: Micah Anderson <micah@riseup.net> 2008-09-26 17:30:28 -0400
committer: Micah Anderson <micah@riseup.net> 2008-09-26 17:30:28 -0400
commit: 9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 (patch)
tree: ec918ac2f13b7bc7c76fba7662ce6c708ae8f0d8 /templates/sshd_config/CentOS_normal.erb
parent: ba8d788f89e2e8676985b40553a9f6794a322217 (diff)
download: puppet-sshd-9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6.tar.gz
puppet-sshd-9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index 849d9fb..e2b4005 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -70,8 +70,13 @@ PubkeyAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
+
 # Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
+<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
+IgnoreRhosts yes
+<%- else %>
+IgnoreRhosts no
+<% end -%>
 
 # To disable tunneled clear text passwords, change to no here!
 <%- if real_sshd_password_authentication.to_s == 'yes' then %>
author	Micah Anderson <micah@riseup.net>	2008-09-26 17:30:28 -0400
committer	Micah Anderson <micah@riseup.net>	2008-09-26 17:30:28 -0400
commit	9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 (patch)
tree	ec918ac2f13b7bc7c76fba7662ce6c708ae8f0d8 /templates/sshd_config/CentOS_normal.erb
parent	ba8d788f89e2e8676985b40553a9f6794a322217 (diff)
download	puppet-sshd-9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6.tar.gz puppet-sshd-9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6.tar.bz2