-rw-r--r-- | manifests/init.pp | 8 | ||||
-rw-r--r-- | templates/sshd_config/CentOS_normal.erb | 7 | ||||
-rw-r--r-- | templates/sshd_config/Debian_normal.erb | 5 | ||||
-rw-r--r-- | templates/sshd_config/Gentoo_normal.erb | 7 | ||||
-rw-r--r-- | templates/sshd_config/OpenBSD_normal.erb | 7 |
5 files changed, 31 insertions, 3 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 413c46a..a58ee58 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -55,6 +55,10 @@
 # sshd_pubkey_authentication: If you want to enable public key authentication
 # Valid Values: yes or no
 # Default: yes
+#
+# sshd_rsa_authentication: If you wat to enable RSA Authentication
+# Valid Values: yes or no
+# Default: no
 class sshd {
 include sshd::client
@@ -105,6 +109,10 @@ class sshd::base {
 '' => 'no',
 default => $sshd_pubkey_authentication
 }
+ $real_sshd_rsa_authentication = $sshd_rsa_authentication ? {
+ '' => 'no',
+ default => $sshd_rsa_authentication
+ }
 file { 'sshd_config':
 path => '/etc/ssh/sshd_config',
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index b0bea46..a5c9c89 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -44,7 +44,12 @@ PermitRootLogin without-password
 #StrictModes yes
 #MaxAuthTries 6
-#RSAAuthentication yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index d105ecc..985840c 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -34,7 +34,12 @@ PermitRootLogin without-password
 <%- end %>
 StrictModes yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
 RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>
diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index 3538754..ee27732 100644
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
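Review bot: The added header comment for `sshd_rsa_authentication` has a typo ("wat") and does not say how this option differs from `sshd_pubkey_authentication` documented just above it. In sshd_config, RSAAuthentication governs RSA authentication for SSH protocol version 1 only, so a reader could easily confuse the two. The doc line could read `# sshd_rsa_authentication: If you want to enable RSA authentication (SSH protocol version 1 only)`.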
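Review bot: The selector added for `$real_sshd_rsa_authentication` maps only the empty string to 'no' and passes every other value through, while the templates in this commit test `== 'yes'`, so a value such as 'Yes' or 'true' silently renders `RSAAuthentication no`. That fails closed, which is the safe direction, but it hides a misconfiguration from the operator. Since the header documents only yes and no as valid, consider rejecting anything else at catalog compile time, or at least documenting it with `# Any value other than 'yes' is rendered as 'no'`. The body of sshd::base continues outside the hunk, so validation elsewhere cannot be ruled out.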
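Review bot: The directive is now always written to the rendered file, and with the module default of 'no' the effective setting changes on hosts that never set `sshd_rsa_authentication`. This template and the Gentoo and OpenBSD ones previously carried only the commented `#RSAAuthentication yes`, so sshd's built-in default applied, and the Debian template shipped an active `RSAAuthentication yes`. Turning protocol 1 RSA authentication off by default is the tighter setting, but nothing in the visible change tells operators who still rely on it. A comment line above the block such as `# RSAAuthentication applies to SSH protocol version 1 only; set sshd_rsa_authentication to 'yes' to enable` would make the rendered file self-explanatory. OpenSSH releases that dropped protocol 1 may report the keyword as deprecated, so it is worth checking against the sshd versions these templates target.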
@@ -47,7 +47,12 @@ PermitRootLogin without-password
 <%- end %>
 #MaxAuthTries 6
-#RSAAuthentication yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>
diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index bee3548..3043922 100644
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -40,7 +40,12 @@ PermitRootLogin without-password
 #StrictModes yes
 #MaxAuthTries 6
-#RSAAuthentication yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %> |