diff options
author | Micah Anderson <micah@riseup.net> | 2008-09-26 17:34:09 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2008-09-26 17:44:16 -0400 |
commit | 06163fbb920bf7f8dbb7ae2018e1f861003ed9ce (patch) | |
tree | c299cb9d7ce8cb2e9b55ed659e69c85fd6b1615a /templates/sshd_config/Debian_normal.erb | |
parent | 9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 (diff) | |
download | puppet-sshd-06163fbb920bf7f8dbb7ae2018e1f861003ed9ce.tar.gz puppet-sshd-06163fbb920bf7f8dbb7ae2018e1f861003ed9ce.tar.bz2 |
added sshd_rhosts_rsa_authentication variable, default set to no
added sshd_hostbased_authentication variable, default set to no
Diffstat (limited to 'templates/sshd_config/Debian_normal.erb')
-rw-r--r-- | templates/sshd_config/Debian_normal.erb | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index 155c4da..28e799d 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -53,8 +53,12 @@ PubkeyAuthentication no #AuthorizedKeysFile %h/.ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no +# For this to work you will also need host keys in /etc/ssh_known_hosts +<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> +RhostsRSAAuthentication yes +<%- else %> +RhostsRSAAuthentication no +<% end -%> # Don't read the user's ~/.rhosts and ~/.shosts files <%- if real_sshd_pubkey_authentication.to_s == 'yes' then %> @@ -63,10 +67,13 @@ IgnoreRhosts yes IgnoreRhosts no <% end -%> -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no # similar for protocol version 2 +<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %> +HostbasedAuthentication yes +<%- else %> HostbasedAuthentication no +<% end -%> + # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes |