From 5192863ac0323b97955b7388f1b6afd07c001744 Mon Sep 17 00:00:00 2001
From: Dana Merrick
Date: Thu, 29 Jan 2015 14:04:07 -0800
Subject: [PATCH 1/3] Adding attributes to enable printing the MOTD.
---
README.md | 2 ++
attributes/default.rb | 3 +++
templates/default/opensshd.conf.erb | 4 ++--
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 9aec529..3db9ec9 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,8 @@ This cookbook provides secure ssh-client and ssh-server configurations.
* `['ssh']['allow_tcp_forwarding']` - `false` to disable TCP Forwarding. Set to `true` to allow TCP Forwarding
* `['ssh']['allow_agent_forwarding']` - `false` to disable Agent Forwarding. Set to `true` to allow Agent Forwarding
* `['ssh']['use_pam']` - `false` to disable pam authentication
+* `['ssh']['print_motd']` - `false` to disable printing of the MOTD
+* `['ssh']['print_last_log']` - `false` to disable display of last login information
## Data Bags
diff --git a/attributes/default.rb b/attributes/default.rb
index e5cb653..d6bd7c6 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -61,3 +61,6 @@ default['ssh']['use_pam'] = false # sshd
# set this to nil to let us detect the attribute based on the node platform
default['ssh']['use_privilege_separation'] = nil
+default['ssh']['print_motd'] = false # sshd
+default['ssh']['print_last_log'] = false # sshd
+
diff --git a/templates/default/opensshd.conf.erb b/templates/default/opensshd.conf.erb
index 2addaf9..2e75081 100644
--- a/templates/default/opensshd.conf.erb
+++ b/templates/default/opensshd.conf.erb
@@ -166,8 +166,8 @@ X11UseLocalhost yes
# ===================
-PrintMotd no
-PrintLastLog no
+PrintMotd <%= ((@node['ssh']['print_motd']) ? 'yes' : 'no' ) %>
+PrintLastLog <%= ((@node['ssh']['print_last_log']) ? 'yes' : 'no' ) %>
#Banner /etc/ssh/banner.txt
#UseDNS yes
#PidFile /var/run/sshd.pid
From 98e8a742ada5f0f8e871551e98585b08fa25b4da Mon Sep 17 00:00:00 2001
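Review bot: In templates/default/opensshd.conf.erb the new `PrintMotd` and `PrintLastLog` lines test plain Ruby truthiness, so any value other than `false` or `nil` renders `yes`, including the strings `'false'` or `'no'` that can arrive when the attribute is set from role or environment JSON. An explicit comparison such as `PrintLastLog <%= @node['ssh']['print_last_log'] == true ? 'yes' : 'no' %>` (and the same for `print_motd`) keeps the rendered sshd_config at the cookbook's default `no` unless a real boolean `true` is supplied. The two new README entries could also state that the values must be booleans. If `use_pam` is enabled, PAM session modules may print the MOTD or last-login line independently of these directives; that depends on the platform's PAM stack, which this patch does not show, so it is worth confirming.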
From: Dana Merrick
Date: Mon, 9 Feb 2015 11:57:18 -0800
Subject: [PATCH 2/3] Reordering attributes for aesthetic purposes.
---
attributes/default.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/attributes/default.rb b/attributes/default.rb
index d6bd7c6..3b1bd79 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -59,8 +59,8 @@ default['ssh']['allow_tcp_forwarding'] = false # sshd
default['ssh']['allow_agent_forwarding'] = false # sshd
default['ssh']['use_pam'] = false # sshd
-# set this to nil to let us detect the attribute based on the node platform
-default['ssh']['use_privilege_separation'] = nil
default['ssh']['print_motd'] = false # sshd
default['ssh']['print_last_log'] = false # sshd
+# set this to nil to let us detect the attribute based on the node platform
+default['ssh']['use_privilege_separation'] = nil
From a49e0dad1a7e50d729acfd10b9b992bbc4b37b51 Mon Sep 17 00:00:00 2001
From: Dana Merrick
Date: Mon, 9 Feb 2015 18:01:03 -0800
Subject: [PATCH 3/3] Removing a newline to make Rubocop happy. Personally, I think files should end in newlines, and I thought Rubocop would enforce this...
---
attributes/default.rb | 1 -
1 file changed, 1 deletion(-)
diff --git a/attributes/default.rb b/attributes/default.rb
index 3b1bd79..b89ebe1 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -63,4 +63,3 @@ default['ssh']['print_last_log'] = false # sshd
# set this to nil to let us detect the attribute based on the node platform
default['ssh']['use_privilege_separation'] = nil
-