summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2015-09-10 22:38:44 -0700
committerelijah <elijah@riseup.net>2015-09-10 22:38:44 -0700
commit818930af8a05dc44372b99f8e589527050120431 (patch)
treeef599d9a1a47915ede942b27a2b353141f710445 /puppet/modules
parentd113bf1b2cd3cb6a94fbe20aa711bf9b9b93286f (diff)
sshd: let nodes change default AllowTcpForwarding
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_sshd/manifests/init.pp18
1 files changed, 10 insertions, 8 deletions
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index 1da2f1d5..170be32c 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -1,6 +1,7 @@
class site_sshd {
- $ssh = hiera_hash('ssh')
- $hosts = hiera('hosts', '')
+ $ssh = hiera_hash('ssh')
+ $ssh_config = $ssh['config']
+ $hosts = hiera('hosts', '')
##
## SETUP AUTHORIZED KEYS
@@ -52,11 +53,12 @@ class site_sshd {
## SSHD SERVER CONFIGURATION
##
class { '::sshd':
- manage_nagios => false,
- ports => [ $ssh['port'] ],
- use_pam => 'yes',
- hardened_ssl => 'yes',
- print_motd => 'no',
- manage_client => false
+ manage_nagios => false,
+ ports => [ $ssh['port'] ],
+ use_pam => 'yes',
+ hardened_ssl => 'yes',
+ print_motd => 'no',
+ tcp_forwarding => $ssh_config['AllowTcpForwarding'],
+ manage_client => false
}
}