opendev/puppet-ssh
Code Issues Proposed changes

Add @trusted_ssh_type for user to override

Browse Source 
We need to expose the ability to override the type of match we want to
do. For example, we want to do match address 1.2.3.4 in sshd_config.

Change-Id: I28c5d71e62a62bd27f289a8bd70b235eac213e5c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2016-08-01 12:46:45 -04:00
parent 5d55606789
commit fa71d35cab
No known key found for this signature in database
GPG Key ID: 611A80832067AF38
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
manifests/init.pp
View File

@ -1,6 +1,7 @@
# == Class: ssh # == Class: ssh
# #
class ssh ( class ssh (
$trusted_ssh_type = 'host',
$trusted_ssh_source = 'puppetmaster.openstack.org', $trusted_ssh_source = 'puppetmaster.openstack.org',
$permit_root_login = 'no', $permit_root_login = 'no',
) { ) {

2
templates/sshd_config.erb
View File

@ -86,7 +86,7 @@ Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
UsePAM yes UsePAM yes
# allow ansible connections from puppetmaster host # allow ansible connections from puppetmaster host
Match host <%= @trusted_ssh_source %> Match <%= @trusted_ssh_type %> <%= @trusted_ssh_source %>
PermitRootLogin without-password PermitRootLogin without-password
# allow ansible connections from localhost # allow ansible connections from localhost
Match host localhost Match host localhost