diff options
| -rw-r--r-- | manifests/init.pp | 10 | ||||
| -rw-r--r-- | templates/sshd_config/CentOS_normal.erb | 7 | ||||
| -rw-r--r-- | templates/sshd_config/Debian_normal.erb | 6 | ||||
| -rw-r--r-- | templates/sshd_config/Gentoo_normal.erb | 7 | ||||
| -rw-r--r-- | templates/sshd_config/OpenBSD_normal.erb | 6 |
5 files changed, 31 insertions, 5 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index c2f318c..4841038 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -83,6 +83,10 @@ # # sshd_port: If you want to specify a different port than the default 22 # Default: 22 +# +# sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u) +# Default: AuthorizedKeysFile %h/.ssh/authorized_keys +# class sshd { include sshd::client @@ -165,7 +169,11 @@ class sshd::base { '' => 22, default => $sshd_port } - + $real_sshd_authorized_keys_file = $sshd_authorized_keys_file ? { + '' => "%h/.ssh/authorized_keys", + default => $sshd_authorized_keys_file + } + file { 'sshd_config': path => '/etc/ssh/sshd_config', owner => root, diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb index 3217b4e..3ec0f41 100644 --- a/templates/sshd_config/CentOS_normal.erb +++ b/templates/sshd_config/CentOS_normal.erb @@ -66,7 +66,12 @@ PubkeyAuthentication yes <%- else %> PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile .ssh/authorized_keys + +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index 7cdb5f2..a1e1ece 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -57,7 +57,11 @@ PubkeyAuthentication yes PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile %h/.ssh/authorized_keys +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb index c8e2ee1..4acfb40 100644 --- a/templates/sshd_config/Gentoo_normal.erb +++ b/templates/sshd_config/Gentoo_normal.erb @@ -69,7 +69,12 @@ PubkeyAuthentication yes <%- else %> PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile .ssh/authorized_keys + +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb index 139613a..b36a988 100644 --- a/templates/sshd_config/OpenBSD_normal.erb +++ b/templates/sshd_config/OpenBSD_normal.erb @@ -63,7 +63,11 @@ PubkeyAuthentication yes PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile .ssh/authorized_keys +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> |