Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Lonlone Lee
base
Commits
e94099c9
Commit
e94099c9
authored
Dec 16, 2016
by
Adam Lewenberg
Browse files
release/005.003
parent
8c51110d
Changes
2
Hide whitespace changes
Inline
Side-by-side
NEWS
View file @
e94099c9
release
/
005.003
(
2016
-
12
-
16
)
[
ssh
]
Add
"@"
to
a
few
more
variables
on
sshd_config
.
erb
.
[
adamhl
]
release
/
005.002
(
2016
-
12
-
13
)
[
ssh
]
Change
the
class
"ssh::pam"
to
"base::ssh::pam"
.
This
should
...
...
templates/ssh/sshd_config.erb
View file @
e94099c9
...
...
@@ -34,7 +34,7 @@ Protocol 2
# Only support RSA keys, not DSA keys.
HostKey /etc/ssh/ssh_host_rsa_key
<%
if
ed25519
then
-%>
<%
if
@
ed25519
then
-%>
# Also support Ed25519 host keys.
HostKey /etc/ssh/ssh_host_ed25519_key
...
...
@@ -60,7 +60,7 @@ HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %>
# Allow password authentication via PAM, but not empty passwords.
ChallengeResponseAuthentication yes
PasswordAuthentication
<%=
password
?
'yes'
:
'no'
%>
PasswordAuthentication
<%=
@
password
?
'yes'
:
'no'
%>
UsePAM yes
PermitEmptyPasswords no
...
...
@@ -68,14 +68,14 @@ PermitEmptyPasswords no
# to add GSSAPIStoreCredentialsOnRekey yes.
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
<%
if
(
@osfamily
!=
'RedHat'
)
or
(
lsbmajdistrelease
.
to_i
()
>=
6
)
then
-%>
<%
if
(
@osfamily
!=
'RedHat'
)
or
(
@
lsbmajdistrelease
.
to_i
()
>=
6
)
then
-%>
GSSAPIKeyExchange yes
GSSAPIStrictAcceptorCheck no
<%
end
-%>
<%
if
(
@operatingsystem
==
'Debian'
)
and
(
@lsbdistcodename
!=
'lenny'
)
then
-%>
GSSAPIStoreCredentialsOnRekey yes
<%
end
-%>
<%
if
(
@osfamily
==
'RedHat'
)
and
(
lsbmajdistrelease
.
to_i
()
>=
6
)
then
-%>
<%
if
(
@osfamily
==
'RedHat'
)
and
(
@
lsbmajdistrelease
.
to_i
()
>=
6
)
then
-%>
GSSAPIStoreCredentialsOnRekey yes
<%
end
-%>
<%
if
(
@operatingsystem
==
'Ubuntu'
)
then
-%>
...
...
@@ -84,7 +84,7 @@ GSSAPIStoreCredentialsOnRekey yes
<%
if
(
@pam_duo
)
then
-%>
# Require both (GSS-API|PASSWORD) and PAM.
AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam
<%
if
password
then
%>
password,keyboard-interactive:pam
<%
end
%>
AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam
<%
if
@
password
then
%>
password,keyboard-interactive:pam
<%
end
%>
KerberosAuthentication yes
<%
end
-%>
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment