opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

add variable sshd_permit_empty_passwords, with the default set to no

Browse source
This commit is contained in:
Micah Anderson 2008-09-26 17:51:12 -04:00
parent d2b60a477a
commit 58fef5f809
5 changed files with 34 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
manifests/init.pp
View file

@ -71,6 +71,11 @@
# sshd_strict_modes: If you want to set StrictModes (check file modes/ownership before accepting login) # sshd_strict_modes: If you want to set StrictModes (check file modes/ownership before accepting login)
# Valid Values: yes or no # Valid Values: yes or no
# Default: yes # Default: yes
#
# sshd_permit_empty_passwords: If you want enable PermitEmptyPasswords to allow empty passwords
# Valid Values: yes or no
# Default: no
class sshd { class sshd {
include sshd::client include sshd::client
@ -141,6 +146,10 @@ class sshd::base {
'' => 'no', '' => 'no',
default => $sshd_hostbased_authentication default => $sshd_hostbased_authentication
} }
$real_sshd_permit_empty_passwords = $sshd_permit_empty_passwords ? {
'' => 'no',
default => $sshd_permit_empty_passwords
}
file { 'sshd_config': file { 'sshd_config':
path => '/etc/ssh/sshd_config', path => '/etc/ssh/sshd_config',

8
templates/sshd_config/CentOS_normal.erb
View file

@ -94,7 +94,13 @@ PasswordAuthentication yes
<%- else %> <%- else %>
PasswordAuthentication no PasswordAuthentication no
<%- end %> <%- end %>
#PermitEmptyPasswords no
# To enable empty passwords, change to yes (NOT RECOMMENDED)
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
PermitEmptyPasswords yes
<% else -%>
PermitEmptyPasswords no
<% end -%>
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>

4
templates/sshd_config/Debian_normal.erb
View file

@ -78,7 +78,11 @@ HostbasedAuthentication no
#IgnoreUserKnownHosts yes #IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED) # To enable empty passwords, change to yes (NOT RECOMMENDED)
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
PermitEmptyPasswords yes
<% else -%>
PermitEmptyPasswords no PermitEmptyPasswords no
<% end -%>
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>

8
templates/sshd_config/Gentoo_normal.erb
View file

@ -97,7 +97,13 @@ PasswordAuthentication yes
<%- else %> <%- else %>
PasswordAuthentication no PasswordAuthentication no
<%- end %> <%- end %>
#PermitEmptyPasswords no
# To enable empty passwords, change to yes (NOT RECOMMENDED)
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
PermitEmptyPasswords yes
<% else -%>
PermitEmptyPasswords no
<% end -%>
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>

8
templates/sshd_config/OpenBSD_normal.erb
View file

@ -91,7 +91,13 @@ PasswordAuthentication yes
<%- else %> <%- else %>
PasswordAuthentication no PasswordAuthentication no
<%- end %> <%- end %>
#PermitEmptyPasswords no
# To enable empty passwords, change to yes (NOT RECOMMENDED)
<%- if real_sshd_empty_passwords.to_s == 'yes' then %>
PermitEmptyPasswords yes
<% else -%>
PermitEmptyPasswords no
<% end -%>
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>