Commit ac2fb6ee authored by Adam Seishas's avatar Adam Seishas Committed by Karl Kornel

ssh::config::sshd: Add parameters to selectively enable Ed25519 host keys...

ssh::config::sshd: Add parameters to selectively enable Ed25519 host keys and/or disable password authentication
parent cf6d9ee8
...@@ -30,8 +30,10 @@ ...@@ -30,8 +30,10 @@
define base::ssh::config::sshd( define base::ssh::config::sshd(
$ensure = 'present', $ensure = 'present',
$gitolite = false, $gitolite = false,
$ed25519 = true,
$hostbased = false, $hostbased = false,
$pubkey = false, $pubkey = false,
$password = true,
$content = undef, $content = undef,
$source = undef, $source = undef,
$max_tries = 5, $max_tries = 5,
......
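Review bot: The new `$ed25519` and `$password` parameters are never type-checked in the visible lines, and the template tests them with plain Ruby truthiness (`password ? 'yes' : 'no'`), so a quoted value such as `password => 'false'` would still render `PasswordAuthentication yes`. Because that failure leaves password logins enabled without any error, I would reject non-booleans at the top of the define body, for example `validate_bool($ed25519, $password)` if puppetlabs-stdlib is available to this module. The body of the define lies outside this hunk, so an existing check may simply not be visible here. Note also that `$ed25519 = true` changes the rendered sshd_config for every existing caller, whereas `$password = true` preserves current behaviour; a comment by the parameter list such as `# $ed25519: also offer an Ed25519 host key (needs ssh_host_ed25519_key on the host)` would make that explicit.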
...@@ -34,6 +34,11 @@ Protocol 2 ...@@ -34,6 +34,11 @@ Protocol 2
# Only support RSA keys, not DSA keys. # Only support RSA keys, not DSA keys.
HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_rsa_key
<% if ed25519 then -%>
# Also support Ed25519 host keys.
HostKey /etc/ssh/ssh_host_ed25519_key
<% end -%>
# Increase the login grace period from 120 seconds to 300 seconds (5 minutes). # Increase the login grace period from 120 seconds to 300 seconds (5 minutes).
LoginGraceTime 300 LoginGraceTime 300
...@@ -55,7 +60,7 @@ HostbasedAuthentication <%= hostbased ? 'yes' : 'no' %> ...@@ -55,7 +60,7 @@ HostbasedAuthentication <%= hostbased ? 'yes' : 'no' %>
# Allow password authentication via PAM, but not empty passwords. # Allow password authentication via PAM, but not empty passwords.
ChallengeResponseAuthentication yes ChallengeResponseAuthentication yes
PasswordAuthentication yes PasswordAuthentication <%= password ? 'yes' : 'no' %>
UsePAM yes UsePAM yes
PermitEmptyPasswords no PermitEmptyPasswords no
......
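Review bot: Setting `password` to false does not actually turn off password logins, because `ChallengeResponseAuthentication yes` and `UsePAM yes` stay unconditional on either side of the changed `PasswordAuthentication` line. With a typical PAM stack, sshd will still prompt for the account password through keyboard-interactive. If the parameter is meant to produce key-only hosts, drive both directives from it, e.g. `ChallengeResponseAuthentication <%= password ? 'yes' : 'no' %>`, or add a separate parameter if challenge-response has to stay on for a second factor. The comment `# Allow password authentication via PAM, but not empty passwords.` is also no longer always true and should say that the setting is controlled by the `password` parameter.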