OP#575 finish password section
This commit is contained in:
@@ -33,6 +33,19 @@
|
|||||||
# Default is 'AUTH'.
|
# Default is 'AUTH'.
|
||||||
# @param [String] ssh_log_level LogLevel setting for sshd_config.
|
# @param [String] ssh_log_level LogLevel setting for sshd_config.
|
||||||
# Default is 'INFO'.
|
# Default is 'INFO'.
|
||||||
|
# @param [String] ssh_password_authentication PasswordAuthentication setting
|
||||||
|
# for sshd_config. Default is 'no', which requires key-based authentication.
|
||||||
|
# This is a recommended security setting, so passwords do not show up in logs,
|
||||||
|
# but can be set to 'yes' if password authentication is desired.
|
||||||
|
# @param [String] ssh_permit_empty_passwords PermitEmptyPasswords setting
|
||||||
|
# for sshd_config. Default is 'no', which is a recommended security setting
|
||||||
|
# and works in connection with key-based authentication, but can be set
|
||||||
|
# to 'yes' if password authentication should be allowed and empty passwords
|
||||||
|
# should be allowed. Again, this should be used with caution if enabled.
|
||||||
|
# @param [String] ssh_kbd_interactive_auth setting for sshd_config.
|
||||||
|
# Default is 'no', which is a recommended security setting together
|
||||||
|
# with password authentication, but can be set to 'yes' if
|
||||||
|
# keyboard-interactive authentication should be allowed. (not recommended)
|
||||||
##############################################################################
|
##############################################################################
|
||||||
class confdroid_ssh::params (
|
class confdroid_ssh::params (
|
||||||
|
|
||||||
@@ -62,7 +75,10 @@ class confdroid_ssh::params (
|
|||||||
String $ssh_hostkey_type = 'rsa',
|
String $ssh_hostkey_type = 'rsa',
|
||||||
String $ssh_rekeylimit = 'default none',
|
String $ssh_rekeylimit = 'default none',
|
||||||
String $ssh_syslog_facility = 'AUTH',
|
String $ssh_syslog_facility = 'AUTH',
|
||||||
String $ssh_log_level = 'INFO'
|
String $ssh_log_level = 'INFO',
|
||||||
|
String $ssh_password_authentication = 'no',
|
||||||
|
String $ssh_permit_empty_passwords = 'no',
|
||||||
|
String $ssh_kbd_interactive_auth = 'no'
|
||||||
|
|
||||||
) {
|
) {
|
||||||
# default facts
|
# default facts
|
||||||
|
|||||||
@@ -8,11 +8,9 @@
|
|||||||
Port <%= @ssh_fw_port %>
|
Port <%= @ssh_fw_port %>
|
||||||
AddressFamily <%= @ssh_address_family %>
|
AddressFamily <%= @ssh_address_family %>
|
||||||
ListenAddress <%= @ssh_listen_address %>
|
ListenAddress <%= @ssh_listen_address %>
|
||||||
|
|
||||||
<% if @ssh_use_specific_hostkey -%>
|
<% if @ssh_use_specific_hostkey -%>
|
||||||
HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
|
HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
||||||
RekeyLimit <%= @ssh_rekeylimit %>
|
RekeyLimit <%= @ssh_rekeylimit %>
|
||||||
|
|
||||||
SyslogFacility <%= @ssh_syslog_facility %>
|
SyslogFacility <%= @ssh_syslog_facility %>
|
||||||
@@ -30,4 +28,7 @@ AuthorizedPrincipalsFile <%= @ssh_authorized_principals_file %>
|
|||||||
AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>
|
AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>
|
||||||
AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
|
AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
|
||||||
|
|
||||||
# test
|
PasswordAuthentication <%= @ssh_password_authentication %>
|
||||||
|
PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
|
||||||
|
KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user