
update sshd_config for jenkins and add as7 cart for Fedora

1 parent 631ba65 commit 9f3a4c84ab61eb26083d0197c6390cb7e9a164f8 @bdecoste bdecoste committed Apr 4, 2013
Showing with 31 additions and 25 deletions.
  1. +17 −8 manifests/node.pp
  2. +14 −17 templates/node/sshd_config.erb
@@ -128,6 +128,15 @@
mode => '0644',
}
+ file { 'node sshd config':
+ ensure => present,
+ path => '/etc/ssh/sshd_config',
+ content => template('openshift_origin/node/sshd_config.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0600',
+ }
+
if !defined(File['mcollective client config']) {
file { 'mcollective client config':
ensure => present,
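Review bot: The new `file { 'node sshd config': }` resource replaces the whole of `/etc/ssh/sshd_config`, but nothing visible in the hunk validates the rendered file or reloads sshd. A template mistake would therefore either never take effect or break logins at the next restart. If an sshd service resource is declared elsewhere in the manifest (not visible here), add `notify => Service['<sshd service title>'],`, and where the Puppet version supports it add `validate_cmd => '/usr/sbin/sshd -t -f %',`. Unlike the `mcollective client config` resource that follows, this one is not wrapped in `if !defined(File[...])`, so a site that already manages sshd_config will hit a duplicate declaration. The hunk ends inside that following resource.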
@@ -351,15 +360,15 @@
mode => '0644',
}
- $printf = $::operatingsystem ? {
- 'Fedora' => '/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"',
- default => '/usr/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"'
- }
+# $printf = $::operatingsystem ? {
+# 'Fedora' => '/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"',
+# default => '/usr/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"'
+# }
- exec { 'Update sshd configs':
- command => $printf,
- unless => '/bin/grep -qFx \'AcceptEnv GIT_SSH\' \'/etc/ssh/sshd_config\''
- }
+# exec { 'Update sshd configs':
+# command => $printf,
+# unless => '/bin/grep -qFx \'AcceptEnv GIT_SSH\' \'/etc/ssh/sshd_config\''
+# }
if $::openshift_origin::enable_network_services == true {
service { 'crond':
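Review bot: The old `$printf` selector and `exec { 'Update sshd configs': }` are kept as commented-out lines rather than deleted. The template now carries `AcceptEnv GIT_SSH`, so the dead code only invites someone to re-enable an append that would conflict with the managed file. Delete the eight commented lines; if a pointer is wanted, one line such as `# AcceptEnv GIT_SSH is set in templates/node/sshd_config.erb` is enough. The `if $::openshift_origin::enable_network_services` block that follows continues outside the hunk.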
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -42,11 +42,11 @@ SyslogFacility AUTHPRIV
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
-MaxSessions 40
+#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody
@@ -63,7 +63,7 @@ MaxSessions 40
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
-PasswordAuthentication yes
+PasswordAuthentication no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
@@ -74,7 +74,6 @@ ChallengeResponseAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
-#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication no
@@ -100,13 +99,12 @@ UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-AcceptEnv XMODIFIERS
+AcceptEnv XMODIFIERS GIT_SSH
#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
+AllowTcpForwarding yes
+GatewayPorts clientspecified
#X11Forwarding no
-X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
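Review bot: `GatewayPorts clientspecified` and `AllowTcpForwarding yes` are enabled globally, so every account that can authenticate to the node may bind remote forwards on non-loopback addresses and expose a listener on the host's external interfaces. If only particular accounts need this, keep the global value at `GatewayPorts no` and grant the wider setting inside a `Match` block for those accounts. Either way, add a comment above the two lines recording why forwarding is required. `AcceptEnv XMODIFIERS GIT_SSH` carries over what the old exec appended, but a one-line comment on why a client-supplied `GIT_SSH` is accepted would help the next reviewer.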
@@ -121,21 +119,20 @@ X11Forwarding yes
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
-MaxStartups 40
+MaxStartups 200
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# ForceCommand cvs server
-
-AcceptEnv GIT_SSH
-
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
+UseDNS no
+PermitRootLogin without-password
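Review bot: `MaxStartups 200` as a single number allows 200 concurrent unauthenticated connections with no early drop, which makes connection exhaustion against sshd easier. The `start:rate:full` form keeps the ceiling while shedding load sooner, for example `MaxStartups 40:30:200` (values illustrative, tune to the node). `UseDNS no` and `PermitRootLogin without-password` are appended after the commented `#Match User anoncvs` example; if that example is ever uncommented they fall inside the Match block, where `UseDNS` is not accepted and sshd will refuse the file. Move both lines above the `# Example of overriding settings on a per-user basis` comment. `without-password` still permits root login by key, so add a comment saying that is intended.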
