
update sshd_config for jenkins and add as7 cart for Fedora #44

Merged
merged 1 commit into from

3 participants

@bdecoste

No description provided.

@bdecoste

[test]

@openshift-bot
Collaborator

Evaluated for origin up to 9f3a4c8

@kraman kraman merged commit 5335779 into from
Showing with 31 additions and 25 deletions.
  1. +17 −8 manifests/node.pp
  2. +14 −17 templates/node/sshd_config.erb
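--- a/manifests/node.pp
+++ b/manifests/node.pp
@@ -128,6 +128,15 @@
 mode => '0644',
 }
+ file { 'node sshd config':
+ ensure => present,
+ path => '/etc/ssh/sshd_config',
+ content => template('openshift_origin/node/sshd_config.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0600',
+ }
+
 if !defined(File['mcollective client config']) {
 file { 'mcollective client config':
 ensure => present,
@@ -351,15 +360,15 @@
 mode => '0644',
 }
- $printf = $::operatingsystem ? {
- 'Fedora' => '/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"',
- default => '/usr/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"'
- }
+# $printf = $::operatingsystem ? {
+# 'Fedora' => '/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"',
+# default => '/usr/bin/printf "\nAcceptEnv GIT_SSH\n" >> "/etc/ssh/sshd_config"'
+# }
- exec { 'Update sshd configs':
- command => $printf,
- unless => '/bin/grep -qFx \'AcceptEnv GIT_SSH\' \'/etc/ssh/sshd_config\''
- }
+# exec { 'Update sshd configs':
+# command => $printf,
+# unless => '/bin/grep -qFx \'AcceptEnv GIT_SSH\' \'/etc/ssh/sshd_config\''
+# }
 if $::openshift_origin::enable_network_services == true {
 service { 'crond':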
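Review bot: The new `file { 'node sshd config': ... }` resource in the first hunk replaces the whole of `/etc/ssh/sshd_config`, but as far as the hunk shows it neither validates the rendered file nor notifies the SSH service, so a template mistake can leave a node without a working sshd at its next restart, while a correct change stays unapplied until someone restarts the daemon by hand. Adding `validate_cmd => '/usr/sbin/sshd -t -f %',` (Puppet 3.5 or later) and `notify => Service['sshd'],` would cover both; whether a `Service['sshd']` resource is declared elsewhere in the manifest is not visible here. Unlike the neighbouring `mcollective client config` resource there is no `if !defined(...)` guard, so a site that already manages this path would presumably hit a duplicate declaration, and any local hardening in the existing file is overwritten. The `$printf`/`exec` block in the second hunk is commented out rather than deleted; it is dead code now and should simply be removed. The enclosing class body starts and ends outside both hunks.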
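--- a/templates/node/sshd_config.erb
+++ b/templates/node/sshd_config.erb
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -42,11 +42,11 @@ SyslogFacility AUTHPRIV
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
-MaxSessions 40
+#MaxSessions 10
 #RSAAuthentication yes
 #PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedKeysCommand none
 #AuthorizedKeysCommandRunAs nobody
@@ -63,7 +63,7 @@ MaxSessions 40
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
-PasswordAuthentication yes
+PasswordAuthentication no
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
@@ -74,7 +74,6 @@ ChallengeResponseAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no
-#KerberosUseKuserok yes
 # GSSAPI options
 #GSSAPIAuthentication no
@@ -100,13 +99,12 @@ UsePAM yes
 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-AcceptEnv XMODIFIERS
+AcceptEnv XMODIFIERS GIT_SSH
 #AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
+AllowTcpForwarding yes
+GatewayPorts clientspecified
 #X11Forwarding no
-X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
@@ -121,7 +119,7 @@ X11Forwarding yes
 #ShowPatchLevel no
 #UseDNS yes
 #PidFile /var/run/sshd.pid
-MaxStartups 40
+MaxStartups 200
 #PermitTunnel no
 #ChrootDirectory none
@@ -129,13 +127,12 @@ MaxStartups 40
 #Banner none
 # override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# ForceCommand cvs server
-
-AcceptEnv GIT_SSH
-
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
+UseDNS no
+PermitRootLogin without-password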
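Review bot: `GatewayPorts clientspecified` and `AllowTcpForwarding yes` (the `@@ -100,13 +99,12 @@` hunk) are set globally, so every account that can authenticate to the node may ask sshd to bind a remote forward on a non-loopback address. If only the Jenkins integration needs that, keep the global value at `GatewayPorts no` and grant it inside a `Match User` or `Match Group` block for that account. The two directives appended in the last hunk, `UseDNS no` and `PermitRootLogin without-password`, sit directly after the commented `Match User anoncvs` example, and anything following an active `Match` line belongs to that block until the next `Match` or end of file, so they should move up next to their commented defaults (`#UseDNS yes`, `#PermitRootLogin yes`). Whether key-based root login is actually required on nodes is not visible here; if it is not, `PermitRootLogin no` is the safer value. `MaxStartups 200` also raises the number of unauthenticated connections sshd will hold open, so a short comment giving the reason, or the `start:rate:full` form, would help the next reader.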