Commit ac2fb6ee authored by Adam Seishas's avatar Adam Seishas Committed by Karl Kornel

ssh::config::sshd: Add parameters to selectively enable Ed25519 host keys...

ssh::config::sshd: Add parameters to selectively enable Ed25519 host keys and/or disable password authentication
parent cf6d9ee8
......@@ -30,8 +30,10 @@
define base::ssh::config::sshd(
$ensure = 'present',
$gitolite = false,
$ed25519 = true,
$hostbased = false,
$pubkey = false,
$password = true,
$content = undef,
$source = undef,
$max_tries = 5,
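Review bot: The new `$ed25519` and `$password` parameters in the define's parameter list are untyped and, as far as this hunk shows, unvalidated, while the template tests them with plain Ruby truthiness. A caller passing the string `'false'` (for example from Hiera or an ENC) would therefore still render `PasswordAuthentication yes`, which fails open. A check at the top of the define body, such as `validate_bool($ed25519, $password)` if puppetlabs-stdlib is available to this module, would turn that case into a compile error. Because `$ed25519` defaults to `true`, every existing node also gains a `HostKey /etc/ssh/ssh_host_ed25519_key` line, so confirm that all managed hosts run an sshd with Ed25519 support and have that key generated. The define's body lies outside this hunk, so any validation already there is not visible.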
......
......@@ -34,6 +34,11 @@ Protocol 2
# Only support RSA keys, not DSA keys.
HostKey /etc/ssh/ssh_host_rsa_key
<% if ed25519 then -%>
# Also support Ed25519 host keys.
HostKey /etc/ssh/ssh_host_ed25519_key
<% end -%>
# Increase the login grace period from 120 seconds to 300 seconds (5 minutes).
LoginGraceTime 300
......@@ -55,7 +60,7 @@ HostbasedAuthentication <%= hostbased ? 'yes' : 'no' %>
# Allow password authentication via PAM, but not empty passwords.
ChallengeResponseAuthentication yes
PasswordAuthentication yes
PasswordAuthentication <%= password ? 'yes' : 'no' %>
UsePAM yes
PermitEmptyPasswords no
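Review bot: In the last hunk, rendering `PasswordAuthentication no` does not by itself stop password logins, because `ChallengeResponseAuthentication yes` and `UsePAM yes` stay hard-coded around it and sshd will still offer keyboard-interactive authentication through PAM, which normally prompts for the account password. If `password => false` is meant to give key-only access, tie the two settings together, e.g. `ChallengeResponseAuthentication <%= password ? 'yes' : 'no' %>`. If keyboard-interactive must stay on for another PAM module, state that in the comment so operators do not assume passwords are off. The existing comment `# Allow password authentication via PAM, but not empty passwords.` is also inaccurate when the parameter is false and should describe both cases. Running `sshd -T` on a host rendered with `password => false` would confirm which authentication methods remain enabled.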
......