add sshd_pubkey_authentication variable, with the default set to yes
This commit is contained in:
Micah Anderson
parent
51c18b6b8f
commit
6f5a865b58
5 changed files with 29 additions and 3 deletions
|
|
@ -51,6 +51,10 @@
|
|||
# sshd_agent_forwarding: If you want to allow ssh-agent forwarding
|
||||
# Valid Values: yes or no
|
||||
# Default: no
|
||||
#
|
||||
# sshd_pubkey_authentication: If you want to enable public key authentication
|
||||
# Valid Values: yes or no
|
||||
# Default: yes
|
||||
|
||||
class sshd {
|
||||
include sshd::client
|
||||
|
|
@ -97,6 +101,10 @@ class sshd::base {
|
|||
'' => 'no',
|
||||
default => $sshd_challenge_response_authentication
|
||||
}
|
||||
$real_sshd_pubkey_authentication = $sshd_pubkey_authentication ? {
|
||||
'' => 'no',
|
||||
default => $sshd_pubkey_authentication
|
||||
}
|
||||
|
||||
file { 'sshd_config':
|
||||
path => '/etc/ssh/sshd_config',
|
||||
|
|
|
|||
|
|
@ -45,7 +45,11 @@ PermitRootLogin without-password
|
|||
#MaxAuthTries 6
|
||||
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
|
||||
PubkeyAuthentication yes
|
||||
<%- else %>
|
||||
PubkeyAuthentication no
|
||||
<%- end %>
|
||||
#AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
|
|
|
|||
|
|
@ -35,7 +35,12 @@ PermitRootLogin without-password
|
|||
StrictModes yes
|
||||
|
||||
RSAAuthentication yes
|
||||
<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
|
||||
PubkeyAuthentication yes
|
||||
<%- else %>
|
||||
PubkeyAuthentication no
|
||||
<%- end %>
|
||||
|
||||
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
||||
|
||||
# rhosts authentication should not be used
|
||||
|
|
|
|||
|
|
@ -48,7 +48,11 @@ PermitRootLogin without-password
|
|||
#MaxAuthTries 6
|
||||
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
|
||||
PubkeyAuthentication yes
|
||||
<%- else %>
|
||||
PubkeyAuthentication no
|
||||
<%- end %>
|
||||
#AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
|
|
|
|||
|
|
@ -41,7 +41,12 @@ PermitRootLogin without-password
|
|||
#MaxAuthTries 6
|
||||
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
<%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
|
||||
PubkeyAuthentication yes
|
||||
<%- else %>
|
||||
PubkeyAuthentication no
|
||||
<%- end %>
|
||||
|
||||
#AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
|
|
|
|||
Loading…
Reference in a new issue