add variable sshd_permit_empty_passwords, with the default set to no
This commit is contained in:
Micah Anderson
parent
d2b60a477a
commit
58fef5f809
5 changed files with 34 additions and 3 deletions
|
|
@ -71,6 +71,11 @@
|
|||
# sshd_strict_modes: If you want to set StrictModes (check file modes/ownership before accepting login)
|
||||
# Valid Values: yes or no
|
||||
# Default: yes
|
||||
#
|
||||
# sshd_permit_empty_passwords: If you want enable PermitEmptyPasswords to allow empty passwords
|
||||
# Valid Values: yes or no
|
||||
# Default: no
|
||||
|
||||
|
||||
class sshd {
|
||||
include sshd::client
|
||||
|
|
@ -141,6 +146,10 @@ class sshd::base {
|
|||
'' => 'no',
|
||||
default => $sshd_hostbased_authentication
|
||||
}
|
||||
$real_sshd_permit_empty_passwords = $sshd_permit_empty_passwords ? {
|
||||
'' => 'no',
|
||||
default => $sshd_permit_empty_passwords
|
||||
}
|
||||
|
||||
file { 'sshd_config':
|
||||
path => '/etc/ssh/sshd_config',
|
||||
|
|
|
|||
|
|
@ -94,7 +94,13 @@ PasswordAuthentication yes
|
|||
<%- else %>
|
||||
PasswordAuthentication no
|
||||
<%- end %>
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
||||
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
|
||||
PermitEmptyPasswords yes
|
||||
<% else -%>
|
||||
PermitEmptyPasswords no
|
||||
<% end -%>
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
|
||||
|
|
|
|||
|
|
@ -78,7 +78,11 @@ HostbasedAuthentication no
|
|||
#IgnoreUserKnownHosts yes
|
||||
|
||||
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
||||
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
|
||||
PermitEmptyPasswords yes
|
||||
<% else -%>
|
||||
PermitEmptyPasswords no
|
||||
<% end -%>
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
|
||||
|
|
|
|||
|
|
@ -97,7 +97,13 @@ PasswordAuthentication yes
|
|||
<%- else %>
|
||||
PasswordAuthentication no
|
||||
<%- end %>
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
||||
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
|
||||
PermitEmptyPasswords yes
|
||||
<% else -%>
|
||||
PermitEmptyPasswords no
|
||||
<% end -%>
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
|
||||
|
|
|
|||
|
|
@ -91,7 +91,13 @@ PasswordAuthentication yes
|
|||
<%- else %>
|
||||
PasswordAuthentication no
|
||||
<%- end %>
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
||||
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
|
||||
PermitEmptyPasswords yes
|
||||
<% else -%>
|
||||
PermitEmptyPasswords no
|
||||
<% end -%>
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
|
||||
|
|
|
|||
Loading…
Reference in a new issue