Lonlone Lee
base
Commit 0f9e72ed authored Oct 24, 2016 by Karl Kornel
ssh::config::sshd: Disable ed25519 by default, for older OSes.
Newer OSes should enable this globally in Hiera.
parent 5c5edd9e
Changes 2
README.ssh
...
...
@@ -41,6 +41,7 @@ made (customizeable parameters are called out):
* Listen on all addresses ('listen_addresses', a comma-separated string).
* Disable SSHv1.
* Only use RSA host keys.
* Ed25519 host keys are not used ('ed25519', a boolean).
* Increase the login timeout to 5 minutes.
* Limit authentication attempts to 5 ('max_tries', an integer).
* On RHEL-type systems, expicitly enable privilege separation.
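Review bot: The new bullet "Ed25519 host keys are not used ('ed25519', a boolean)" does not say what the parameter's default is or what setting it to true changes, and it follows "Only use RSA host keys", which stops being accurate once ed25519 is turned on. Suggest merging the two bullets into one that states the default (false) and what enabling the parameter does, and adding a sentence that newer OSes are expected to enable it globally in Hiera, as the commit message says.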
...
...
@@ -58,7 +59,7 @@ made (customizeable parameters are called out):
For the default SSH client configuration, GSSAPI is enabled, and on RHEL
6+ GSSAPI key-exchange and GSSAPI DNS trust are enabled. That's it.
base::ssh can also be configured to require Duo as a second authentication
factor. To enable this, set the "pam_duo" parameter to true. When you do
that, the following changes are made:
...
...
manifests/ssh/config/sshd.pp
...
...
@@ -30,7 +30,7 @@
define
base::ssh::config::sshd
(
$ensure
=
'present'
,
$gitolite
=
false
,
$ed25519
=
tru
e
,
$ed25519
=
fals
e
,
$hostbased
=
false
,
$pubkey
=
false
,
$password
=
true
,
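Review bot: The $ed25519 default in the parameter list flips from true to false for every caller that does not pass the parameter, so hosts on newer OSes that relied on the old default will drop their Ed25519 host key on the next Puppet run unless the Hiera override is already in place. Consider deriving the default from the OS release instead of a fixed false, or landing the Hiera setting for newer OSes before this change; clients that recorded only the Ed25519 key for such a host in known_hosts may otherwise be asked to trust a key they have not seen before.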
...
...