diff options
author | elijah <elijah@riseup.net> | 2015-09-10 22:38:44 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2015-09-10 22:38:44 -0700 |
commit | 818930af8a05dc44372b99f8e589527050120431 (patch) | |
tree | ef599d9a1a47915ede942b27a2b353141f710445 /puppet/modules | |
parent | d113bf1b2cd3cb6a94fbe20aa711bf9b9b93286f (diff) |
sshd: let nodes change default AllowTcpForwarding
Diffstat (limited to 'puppet/modules')
-rw-r--r-- | puppet/modules/site_sshd/manifests/init.pp | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp index 1da2f1d5..170be32c 100644 --- a/puppet/modules/site_sshd/manifests/init.pp +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -1,6 +1,7 @@ class site_sshd { - $ssh = hiera_hash('ssh') - $hosts = hiera('hosts', '') + $ssh = hiera_hash('ssh') + $ssh_config = $ssh['config'] + $hosts = hiera('hosts', '') ## ## SETUP AUTHORIZED KEYS @@ -52,11 +53,12 @@ class site_sshd { ## SSHD SERVER CONFIGURATION ## class { '::sshd': - manage_nagios => false, - ports => [ $ssh['port'] ], - use_pam => 'yes', - hardened_ssl => 'yes', - print_motd => 'no', - manage_client => false + manage_nagios => false, + ports => [ $ssh['port'] ], + use_pam => 'yes', + hardened_ssl => 'yes', + print_motd => 'no', + tcp_forwarding => $ssh_config['AllowTcpForwarding'], + manage_client => false } } |