opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

added sshd_rhosts_rsa_authentication variable, default set to no

Browse source 
added sshd_hostbased_authentication variable, default set to no
This commit is contained in:
Micah Anderson 2008-09-26 17:34:09 -04:00
parent 9edd2705d4
commit 06163fbb92
5 changed files with 63 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
manifests/init.pp
View file

@ -60,6 +60,14 @@
# Valid Values: yes or no # Valid Values: yes or no
# Default: no # Default: no
# #
# sshd_rhosts_rsa_authentication: If you want to enable rhosts RSA Authentication
# Valid Values: yes or no
# Default: no
#
# sshd_hostbased_authentication: If you want to enable HostbasedAuthentication
# Valid Values: yes or no
# Default: no
#
# sshd_strict_modes: If you want to set StrictModes (check file modes/ownership before accepting login) # sshd_strict_modes: If you want to set StrictModes (check file modes/ownership before accepting login)
# Valid Values: yes or no # Valid Values: yes or no
# Default: yes # Default: yes
@ -125,6 +133,14 @@ class sshd::base {
'' => 'yes', '' => 'yes',
default => $sshd_ignore_rhosts default => $sshd_ignore_rhosts
} }
$real_sshd_rhosts_rsa_authentication = $sshd_rhosts_rsa_authentication ? {
'' => 'no',
default => $sshd_rhosts_rsa_authentication
}
$real_sshd_hostbased_authentication = $sshd_hostbased_authentication ? {
'' => 'no',
default => $sshd_hostbased_authentication
}
file { 'sshd_config': file { 'sshd_config':
path => '/etc/ssh/sshd_config', path => '/etc/ssh/sshd_config',

14
templates/sshd_config/CentOS_normal.erb
View file

@ -64,9 +64,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
RhostsRSAAuthentication yes
<%- else %>
RhostsRSAAuthentication no
<% end -%>
# similar for protocol version 2 # similar for protocol version 2
#HostbasedAuthentication no <%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
HostbasedAuthentication yes
<%- else %>
HostbasedAuthentication no
<% end -%>
# Change to yes if you don't trust ~/.ssh/known_hosts for # Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication # RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no #IgnoreUserKnownHosts no

15
templates/sshd_config/Debian_normal.erb
View file

@ -53,8 +53,12 @@ PubkeyAuthentication no
#AuthorizedKeysFile %h/.ssh/authorized_keys #AuthorizedKeysFile %h/.ssh/authorized_keys
# rhosts authentication should not be used # For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsAuthentication no <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
RhostsRSAAuthentication yes
<%- else %>
RhostsRSAAuthentication no
<% end -%>
# Don't read the user's ~/.rhosts and ~/.shosts files # Don't read the user's ~/.rhosts and ~/.shosts files
<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %> <%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
@ -63,10 +67,13 @@ IgnoreRhosts yes
IgnoreRhosts no IgnoreRhosts no
<% end -%> <% end -%>
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2 # similar for protocol version 2
<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
HostbasedAuthentication yes
<%- else %>
HostbasedAuthentication no HostbasedAuthentication no
<% end -%>
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes #IgnoreUserKnownHosts yes

14
templates/sshd_config/Gentoo_normal.erb
View file

@ -67,9 +67,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
RhostsRSAAuthentication yes
<%- else %>
RhostsRSAAuthentication no
<% end -%>
# similar for protocol version 2 # similar for protocol version 2
#HostbasedAuthentication no <%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
HostbasedAuthentication yes
<%- else %>
HostbasedAuthentication no
<% end -%>
# Change to yes if you don't trust ~/.ssh/known_hosts for # Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication # RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no #IgnoreUserKnownHosts no

14
templates/sshd_config/OpenBSD_normal.erb
View file

@ -61,9 +61,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
RhostsRSAAuthentication yes
<%- else %>
RhostsRSAAuthentication no
<% end -%>
# similar for protocol version 2 # similar for protocol version 2
#HostbasedAuthentication no <%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
HostbasedAuthentication yes
<%- else %>
HostbasedAuthentication no
<% end -%>
# Change to yes if you don't trust ~/.ssh/known_hosts for # Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication # RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no #IgnoreUserKnownHosts no