aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config/Debian_normal.erb
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2008-09-26 17:34:09 -0400
committerMicah Anderson <micah@riseup.net>2008-09-26 17:44:16 -0400
commit06163fbb920bf7f8dbb7ae2018e1f861003ed9ce (patch)
treec299cb9d7ce8cb2e9b55ed659e69c85fd6b1615a /templates/sshd_config/Debian_normal.erb
parent9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 (diff)
downloadpuppet-sshd-06163fbb920bf7f8dbb7ae2018e1f861003ed9ce.tar.gz
puppet-sshd-06163fbb920bf7f8dbb7ae2018e1f861003ed9ce.tar.bz2
added sshd_rhosts_rsa_authentication variable, default set to no
added sshd_hostbased_authentication variable, default set to no
Diffstat (limited to 'templates/sshd_config/Debian_normal.erb')
-rw-r--r--templates/sshd_config/Debian_normal.erb15
1 files changed, 11 insertions, 4 deletions
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index 155c4da..28e799d 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -53,8 +53,12 @@ PubkeyAuthentication no
#AuthorizedKeysFile %h/.ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+RhostsRSAAuthentication yes
+<%- else %>
+RhostsRSAAuthentication no
+<% end -%>
# Don't read the user's ~/.rhosts and ~/.shosts files
<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
@@ -63,10 +67,13 @@ IgnoreRhosts yes
IgnoreRhosts no
<% end -%>
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
# similar for protocol version 2
+<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+HostbasedAuthentication yes
+<%- else %>
HostbasedAuthentication no
+<% end -%>
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes