From 1eabfe1b590f6663c2558f949408a08fc5f58fa6 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Fri, 8 Nov 2013 21:59:25 +0100 Subject: get ecdsa host keys in Debian Wheezy --- templates/sshd_config/Debian_wheezy.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/sshd_config/Debian_wheezy.erb b/templates/sshd_config/Debian_wheezy.erb index 70bb4bf..cdcebfe 100644 --- a/templates/sshd_config/Debian_wheezy.erb +++ b/templates/sshd_config/Debian_wheezy.erb @@ -24,6 +24,7 @@ Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes -- cgit v1.2.3 From 6b1044a0c741bdcf14c5ef501f61d422118d13ca Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 May 2014 16:42:59 -0400 Subject: add the ability to override the automatic inclusion of the sshd_client --- manifests/init.pp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index f12918b..bccef83 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -33,13 +33,16 @@ class sshd( $tail_additional_options = '', $print_motd = 'yes', $manage_shorewall = false, - $shorewall_source = 'net' + $shorewall_source = 'net', + $manage_client = true, ) { - class{'sshd::client': - shared_ip => $sshd::shared_ip, - ensure_version => $sshd::ensure_version, - manage_shorewall => $manage_shorewall, + if $manage_client { + class{'sshd::client': + shared_ip => $sshd::shared_ip, + ensure_version => $sshd::ensure_version, + manage_shorewall => $manage_shorewall, + } } case $::operatingsystem { -- cgit v1.2.3 From 5c23b33200fc6229ada7f4e13672b5da0d4bdd8e Mon Sep 17 00:00:00 2001 
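Review bot: The added `HostKey /etc/ssh/ssh_host_ecdsa_key` line is unconditional, and nothing visible in this hunk ensures the key file exists on every wheezy host. Where the file is missing, sshd logs a host-key load error and carries on with the remaining keys, so such a host would simply not offer ECDSA. Unless key generation is handled elsewhere in the module, a template comment such as `# ECDSA key must already exist on the host; check systems upgraded from older releases` would document the assumption. The legacy DSA host key on the context line above is still offered and may be worth revisiting in the same list.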
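Review bot: `$manage_client` is tested with a bare `if $manage_client`, so a string such as `'false'` or `'no'` arriving from an ENC or Hiera lookup is truthy and would still declare `sshd::client`. The neighbouring parameters mix `'yes'`/`'no'` strings (`$print_motd`) with real booleans (`$manage_shorewall`), which makes that mistake easy to make. Consider `validate_bool($manage_client)` before the `if`, provided puppetlabs-stdlib is available to this module, and add a line describing the parameter to the class documentation. The class body continues outside the hunk.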
From: Micah Anderson Date: Tue, 27 May 2014 16:43:47 -0400 Subject: update $authorized_keys_file variable default to be the default is documented by sshd_config(5) --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index bccef83..c85d3d6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -26,7 +26,7 @@ class sshd( $rhosts_rsa_authentication = 'no', $hostbased_authentication = 'no', $permit_empty_passwords = 'no', - $authorized_keys_file = '%h/.ssh/authorized_keys', + $authorized_keys_file = '%h/.ssh/authorized_keys %h/.ssh/authorized_keys2', $hardened_ssl = 'no', $sftp_subsystem = '', $head_additional_options = '', -- cgit v1.2.3
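Review bot: The new default `'%h/.ssh/authorized_keys %h/.ssh/authorized_keys2'` widens the set of files sshd trusts for key authentication on every node that does not override `$authorized_keys_file`. Any key management or audit that covers only `authorized_keys` will miss keys placed in `authorized_keys2`. A space-separated list is accepted only by OpenSSH 5.9 and later, so if the module still targets a platform with an older sshd, this class-wide default may be rejected or misread there; a per-OS default would be safer. At minimum, add a comment next to the parameter such as `# also honours ~/.ssh/authorized_keys2 - manage and audit both files`.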