Merge branch 'jenkins-build-20' into 'master'

Auto-merge for build 20

See merge request puppet/confdroid_ssh!20

doc/puppet_classes/confdroid_ssh_3A_3Aparams.html

@@ -520,60 +520,6 @@
         —
         <div class='inline'>
 <p>LogLevel setting for sshd_config. Default is ‘INFO’.</p>
-</div>
-      
-    </li>
-  
-    <li>
-      
-        <span class='name'>ssh_password_authentication</span>
-      
-      
-        <span class='type'>(<tt>String</tt>)</span>
-      
-      
-        <em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
-      
-      
-        &mdash;
-        <div class='inline'>
-<p>PasswordAuthentication setting for sshd_config. Default is ‘no’, which requires key-based authentication. This is a recommended security setting, so passwords do not show up in logs, but can be set to ‘yes’ if password authentication is desired.</p>
-</div>
-      
-    </li>
-  
-    <li>
-      
-        <span class='name'>ssh_permit_empty_passwords</span>
-      
-      
-        <span class='type'>(<tt>String</tt>)</span>
-      
-      
-        <em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
-      
-      
-        &mdash;
-        <div class='inline'>
-<p>PermitEmptyPasswords setting for sshd_config. Default is ‘no’, which is a recommended security setting and works in connection with key-based authentication, but can be set to ‘yes’ if password authentication should be allowed and empty passwords should be allowed. Again, this should be used with caution if enabled.</p>
-</div>
-      
-    </li>
-  
-    <li>
-      
-        <span class='name'>ssh_kbd_interactive_auth</span>
-      
-      
-        <span class='type'>(<tt>String</tt>)</span>
-      
-      
-        <em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
-      
-      
-        &mdash;
-        <div class='inline'>
-<p>setting for sshd_config. Default is ‘no’, which is a recommended security setting together with password authentication, but can be set to ‘yes’ if keyboard-interactive authentication should be allowed. (not recommended)</p>
 </div>
       
     </li>
@@ -589,6 +535,19 @@
         <pre class="lines">
 
 
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
 50
 51
 52
@@ -626,26 +585,10 @@
 84
 85
 86
-87
-88
-89
-90
-91
-92
-93
-94
-95
-96
-97
-98
-99
-100
-101
-102
-103</pre>
+87</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 50</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 37</span>
 
 class confdroid_ssh::params (
 
@@ -675,10 +618,7 @@ class confdroid_ssh::params (
   String  $ssh_hostkey_type                 = &#39;rsa&#39;,
   String  $ssh_rekeylimit                   = &#39;default none&#39;,
   String  $ssh_syslog_facility              = &#39;AUTH&#39;,
-  String  $ssh_log_level                    = &#39;INFO&#39;,
-  String  $ssh_password_authentication      = &#39;no&#39;,
-  String  $ssh_permit_empty_passwords       = &#39;no&#39;,
-  String  $ssh_kbd_interactive_auth         = &#39;no&#39;
+  String  $ssh_log_level                    = &#39;INFO&#39;
 
 ) {
 # default facts

manifests/params.pp

@@ -33,19 +33,6 @@
 #   Default is 'AUTH'.
 # @param [String] ssh_log_level LogLevel setting for sshd_config.
 #   Default is 'INFO'.
-# @param [String] ssh_password_authentication PasswordAuthentication setting 
-#   for sshd_config. Default is 'no', which requires key-based authentication.
-#   This is a recommended security setting, so passwords do not show up in logs, 
-#   but can be set to 'yes' if password authentication is desired.
-# @param [String] ssh_permit_empty_passwords PermitEmptyPasswords setting 
-#   for sshd_config. Default is 'no', which is a recommended security setting 
-#   and works  in connection with key-based authentication, but can be set 
-#   to 'yes' if password authentication should be allowed and empty passwords 
-#   should be allowed. Again, this should be used with caution if enabled.
-# @param [String] ssh_kbd_interactive_auth setting for sshd_config.
-#   Default is 'no', which is a recommended security setting together 
-#   with password authentication, but can be set to 'yes' if 
-#   keyboard-interactive authentication should be allowed. (not recommended)
 ##############################################################################
 class confdroid_ssh::params (
 
@@ -75,10 +62,7 @@ class confdroid_ssh::params (
   String  $ssh_hostkey_type                 = 'rsa',
   String  $ssh_rekeylimit                   = 'default none',
   String  $ssh_syslog_facility              = 'AUTH',
-  String  $ssh_log_level                    = 'INFO',
-  String  $ssh_password_authentication      = 'no',
-  String  $ssh_permit_empty_passwords       = 'no',
-  String  $ssh_kbd_interactive_auth         = 'no'
+  String  $ssh_log_level                    = 'INFO'
 
 ) {
 # default facts

templates/sshd_custom_conf.erb

@@ -8,9 +8,11 @@
 Port <%= @ssh_fw_port %>
 AddressFamily <%= @ssh_address_family %>
 ListenAddress <%= @ssh_listen_address %> 
+
 <% if @ssh_use_specific_hostkey -%>
 HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
 <% end -%>
+
 RekeyLimit <%= @ssh_rekeylimit %>
 
 SyslogFacility <%= @ssh_syslog_facility %>
@@ -28,7 +30,4 @@ AuthorizedPrincipalsFile <%= @ssh_authorized_principals_file %>
 AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>
 AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
 
-PasswordAuthentication <%= @ssh_password_authentication %>
-PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
-KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>
-
+# test