Maintenance: GitLab GKE platform upgrade and software upgrade on Friday Oct. 22 at 9 p.m. Service may not be available between 9 p.m. and 9:20 p.m.

Verified Commit f83dfce7 authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

Add @max_sessions option

parent c595058a
release/005.008 (unreleased)
[ssh] Add $max_sessions options. [adamhl]
release/005.007 (2017-06-22)
[kerberos] Add option to completely override /etc/krb5.conf using
......
......@@ -26,6 +26,11 @@
#
# If $rootloginwithpswd is set to 'no' then we allow root logins using
# GSSAPI only.
#
# $max_sessions: if you want to allow more than the default of 10
# connections per network connection, set it here. This is particularly
# useful for bastion hosts.
# Default: undef
define base::ssh::config::sshd(
$ensure = 'present',
......@@ -41,6 +46,7 @@ define base::ssh::config::sshd(
$listen_ports = '22',
$rootloginwithpswd = 'no',
$pam_duo = false,
$max_sessions = 'NOT DEFINED',
) {
if ($source) {
$template = undef
......
......@@ -121,6 +121,15 @@ Subsystem sftp /usr/lib/openssh/sftp-server
Match User gitolite
ForceCommand /usr/share/gitolite/gitolite-wrapper
<% end -%>
<%- if (@max_sessions != 'NOT DEFINED') then -%>
<%- if (@max_sessions <= 10) then -%>
# Allow fewer sessions
<%- else -%>
# Allow more sessions
<%- end -%>
MaxSessions <%= @max_sessions %>
<%- end -%>
<% if (@pam_duo) and (@rootloginwithpswd == 'no') then -%>
# Because we are enabling Duo but root logins cannot use Duo (yet),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment