Add @max_sessions option

parent c595058a
release/005.008 (unreleased)
[ssh] Add $max_sessions options. [adamhl]
release/005.007 (2017-06-22) release/005.007 (2017-06-22)
[kerberos] Add option to completely override /etc/krb5.conf using [kerberos] Add option to completely override /etc/krb5.conf using
......
...@@ -26,6 +26,11 @@ ...@@ -26,6 +26,11 @@
# #
# If $rootloginwithpswd is set to 'no' then we allow root logins using # If $rootloginwithpswd is set to 'no' then we allow root logins using
# GSSAPI only. # GSSAPI only.
#
# $max_sessions: if you want to allow more than the default of 10
# connections per network connection, set it here. This is particularly
# useful for bastion hosts.
# Default: undef
define base::ssh::config::sshd( define base::ssh::config::sshd(
$ensure = 'present', $ensure = 'present',
...@@ -41,6 +46,7 @@ define base::ssh::config::sshd( ...@@ -41,6 +46,7 @@ define base::ssh::config::sshd(
$listen_ports = '22', $listen_ports = '22',
$rootloginwithpswd = 'no', $rootloginwithpswd = 'no',
$pam_duo = false, $pam_duo = false,
$max_sessions = 'NOT DEFINED',
) { ) {
if ($source) { if ($source) {
$template = undef $template = undef
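Review bot: The comment added for `$max_sessions` documents `Default: undef`, but the parameter is declared as `$max_sessions = 'NOT DEFINED'`, so the documented default and the actual sentinel disagree. The comment also calls the limit "connections per network connection", whereas sshd's MaxSessions limits the sessions multiplexed over one network connection. I would reword it to `# $max_sessions: maximum number of sessions per network connection (sshd MaxSessions, default 10); must be an integer.` followed by `# Default: 'NOT DEFINED' (directive is omitted)`. The comment should also say that the value is written into sshd_config as given, since nothing visible in these hunks checks it; the body of the define continues outside the hunk.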
......
...@@ -121,6 +121,15 @@ Subsystem sftp /usr/lib/openssh/sftp-server ...@@ -121,6 +121,15 @@ Subsystem sftp /usr/lib/openssh/sftp-server
Match User gitolite Match User gitolite
ForceCommand /usr/share/gitolite/gitolite-wrapper ForceCommand /usr/share/gitolite/gitolite-wrapper
<% end -%> <% end -%>
<%- if (@max_sessions != 'NOT DEFINED') then -%>
<%- if (@max_sessions <= 10) then -%>
# Allow fewer sessions
<%- else -%>
# Allow more sessions
<%- end -%>
MaxSessions <%= @max_sessions %>
<%- end -%>
<% if (@pam_duo) and (@rootloginwithpswd == 'no') then -%> <% if (@pam_duo) and (@rootloginwithpswd == 'no') then -%>
# Because we are enabling Duo but root logins cannot use Duo (yet), # Because we are enabling Duo but root logins cannot use Duo (yet),
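Review bot: The `MaxSessions` line is emitted after the optional `Match User gitolite` block, and sshd applies every directive after a Match line only to that match, until the next Match line or the end of the file. Whenever the gitolite block is rendered, the new limit would therefore apply to user gitolite only, not globally. Moving the `if (@max_sessions != 'NOT DEFINED')` block above the first Match block in the template (which starts outside this hunk) keeps it in the global section. Separately, `@max_sessions <= 10` raises a comparison error in Ruby if the value arrives as a string such as '20', and the value is written into sshd_config unchecked; a guard like `<%- if @max_sessions.to_s =~ /\A\d+\z/ -%>` with `@max_sessions.to_i <= 10` for the comparison would cover both. The "Allow fewer sessions" comment is also printed when the value equals the default of 10.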
......