-rw-r--r--manifests/init.pp10
-rw-r--r--templates/sshd_config/CentOS_normal.erb7
-rw-r--r--templates/sshd_config/Debian_normal.erb6
-rw-r--r--templates/sshd_config/Gentoo_normal.erb7
-rw-r--r--templates/sshd_config/OpenBSD_normal.erb6
5 files changed, 31 insertions, 5 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index c2f318c..4841038 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -83,6 +83,10 @@
#
# sshd_port: If you want to specify a different port than the default 22
# Default: 22
+#
+# sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)
+# Default: AuthorizedKeysFile %h/.ssh/authorized_keys
+#
class sshd {
include sshd::client
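Review bot: The added `Default:` line in the header comment repeats the directive name, so it reads as if the variable should hold `AuthorizedKeysFile %h/.ssh/authorized_keys`; the fallback the class uses is only the path, so I would write `# Default: %h/.ssh/authorized_keys`. The example `/etc/ssh/authorized_keys/%u` deserves one more comment line, since nothing in the visible hunks creates or manages that directory: `# A path outside the home directory must already exist, owned by root and not writable by the users it serves.` With StrictModes enabled, sshd is expected to reject key files whose path has unsafe ownership or modes, so without the note a misconfigured directory tends to show up as unexplained login failures.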
@@ -165,7 +169,11 @@ class sshd::base {
'' => 22,
default => $sshd_port
}
-
+ $real_sshd_authorized_keys_file = $sshd_authorized_keys_file ? {
+ '' => "%h/.ssh/authorized_keys",
+ default => $sshd_authorized_keys_file
+ }
+
file { 'sshd_config':
path => '/etc/ssh/sshd_config',
owner => root,
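Review bot: `$sshd_authorized_keys_file` is copied into `$real_sshd_authorized_keys_file` without any check, and the templates in this commit print it verbatim into sshd_config, so a value containing a line break would add extra directives to the daemon configuration. The value presumably comes from node or site data kept by administrators, but a guard after the selector keeps a malformed entry out of the file, assuming the Puppet version in use supports regex matching: `if $real_sshd_authorized_keys_file !~ /\A[^\r\n]+\z/ { fail('sshd_authorized_keys_file must be a single line') }`. As a style point, the default `"%h/.ssh/authorized_keys"` has no interpolation and would match the neighbouring literals in single quotes. The body of sshd::base starts before this hunk and the `file { 'sshd_config':` resource continues past it.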
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index 3217b4e..3ec0f41 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -66,7 +66,12 @@ PubkeyAuthentication yes
<%- else %>
PubkeyAuthentication no
<%- end %>
-#AuthorizedKeysFile .ssh/authorized_keys
+
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
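Review bot: The `else` branch of the added block looks unreachable, because sshd::base in manifests/init.pp already replaces an empty `$sshd_authorized_keys_file` with `%h/.ssh/authorized_keys` before the template is rendered, so the default is now spelled out in five places. Unless the template is also rendered from a scope that does not set the variable, the five lines can be reduced to `AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>`. The same block is repeated in Debian_normal.erb, Gentoo_normal.erb and OpenBSD_normal.erb. In all four templates the removed line was commented out, so hosts that relied on sshd's built-in default now get an explicit setting; it is worth confirming that this is intended on releases whose built-in default lists more than one key file.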
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index 7cdb5f2..a1e1ece 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -57,7 +57,11 @@ PubkeyAuthentication yes
PubkeyAuthentication no
<%- end %>
-#AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
# For this to work you will also need host keys in /etc/ssh_known_hosts
<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index c8e2ee1..4acfb40 100644
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -69,7 +69,12 @@ PubkeyAuthentication yes
<%- else %>
PubkeyAuthentication no
<%- end %>
-#AuthorizedKeysFile .ssh/authorized_keys
+
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index 139613a..b36a988 100644
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -63,7 +63,11 @@ PubkeyAuthentication yes
PubkeyAuthentication no
<%- end %>
-#AuthorizedKeysFile .ssh/authorized_keys
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>