From ef6f137cff6cf749031423fd7384dbd0f29a7dfc Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 26 Sep 2008 20:03:10 -0400 Subject: add the variable sshd_authorized_keys_file with the default set to the normal: %h/.ssh/authorized_keys --- manifests/init.pp | 10 +++++++++- templates/sshd_config/CentOS_normal.erb | 7 ++++++- templates/sshd_config/Debian_normal.erb | 6 +++++- templates/sshd_config/Gentoo_normal.erb | 7 ++++++- templates/sshd_config/OpenBSD_normal.erb | 6 +++++- 5 files changed, 31 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index c2f318c..4841038 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -83,6 +83,10 @@ # # sshd_port: If you want to specify a different port than the default 22 # Default: 22 +# +# sshd_authorized_keys_file: Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u) +# Default: AuthorizedKeysFile %h/.ssh/authorized_keys +# class sshd { include sshd::client @@ -165,7 +169,11 @@ class sshd::base { '' => 22, default => $sshd_port } - + $real_sshd_authorized_keys_file = $sshd_authorized_keys_file ? { + '' => "%h/.ssh/authorized_keys", + default => $sshd_authorized_keys_file + } + file { 'sshd_config': path => '/etc/ssh/sshd_config', owner => root, diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb index 3217b4e..3ec0f41 100644 --- a/templates/sshd_config/CentOS_normal.erb +++ b/templates/sshd_config/CentOS_normal.erb @@ -66,7 +66,12 @@ PubkeyAuthentication yes <%- else %> PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile .ssh/authorized_keys + +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> 
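Review bot: The `Default:` line in the new comment block of manifests/init.pp repeats the directive name, so it reads as if the variable should hold `AuthorizedKeysFile %h/.ssh/authorized_keys`, which would render a doubled keyword in sshd_config; `# Default: %h/.ssh/authorized_keys` states the actual value. The example `/etc/ssh/authorized_keys/%u` also deserves a sentence saying that a custom path should keep a per-user token (`%u` or `%h`), because a fixed path makes every account read the same key file. The same sentence should say that the target directory has to exist and be writable only by root. Nothing in the visible hunks creates or manages that directory, so this comment is the only place an operator would learn it.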
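Review bot: The fallback literal in the new `$real_sshd_authorized_keys_file` selector is double-quoted although it contains nothing to interpolate, while the neighbouring `$sshd_port` arm uses single quotes; `'' => '%h/.ssh/authorized_keys',` matches it. Any non-empty value is passed through to sshd_config unchanged, and this directive decides which keys grant a login. A one-line comment above the selector would help, such as `# written verbatim into sshd_config; sshd reads it as an absolute path or one relative to the user's home`. The body of sshd::base starts and ends outside the hunk.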
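Review bot: The `<%- else %>` branch added to CentOS_normal.erb looks unreachable, because sshd::base in this same commit already replaces an empty `sshd_authorized_keys_file` with `%h/.ssh/authorized_keys` (assuming the templates are only rendered from that class). The default therefore lives in five places, and the `unless … else` form is harder to read than the `if … else` blocks around it. The five added lines can collapse to `AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>`. The same applies to the Debian_normal.erb, Gentoo_normal.erb and OpenBSD_normal.erb hunks. The CentOS and Gentoo hunks also add a blank line before the block that the Debian and OpenBSD hunks do not, so the rendered files will differ in spacing.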
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index 7cdb5f2..a1e1ece 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -57,7 +57,11 @@ PubkeyAuthentication yes PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile %h/.ssh/authorized_keys +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb index c8e2ee1..4acfb40 100644 --- a/templates/sshd_config/Gentoo_normal.erb +++ b/templates/sshd_config/Gentoo_normal.erb @@ -69,7 +69,12 @@ PubkeyAuthentication yes <%- else %> PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile .ssh/authorized_keys + +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb index 139613a..b36a988 100644 --- a/templates/sshd_config/OpenBSD_normal.erb +++ b/templates/sshd_config/OpenBSD_normal.erb 
@@ -63,7 +63,11 @@ PubkeyAuthentication yes PubkeyAuthentication no <%- end %> -#AuthorizedKeysFile .ssh/authorized_keys +<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- else %> +AuthorizedKeysFile %h/.ssh/authorized_keys +<%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> -- cgit v1.2.3