Mike McGrath wrote:
> Also disabling sftp on fedorahosted boxes
> ---
> manifests/servergroups/hosted.pp | 1 +
> modules/ssh/manifests/init.pp | 6 ++++++
> modules/ssh/templates/sshd_config.erb | 2 +-
> 3 files changed, 8 insertions(+), 1 deletions(-)
>
> diff --git a/manifests/servergroups/hosted.pp b/manifests/servergroups/hosted.pp
> index 30142e2..24d3720 100644
> --- a/manifests/servergroups/hosted.pp
> +++ b/manifests/servergroups/hosted.pp
> @@ -4,6 +4,7 @@ class hosted {
> $restrictedApp = '/usr/bin/run-git'
> $sshd_config_PasswordAuthentication = 'no'
> $sshd_config_AllowTcpForwarding = 'no'
> + $sshd_config_sftp = '/bin/false'
> include global
> include hosted-server
> include fas::fas
> diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
> index 9c8b62d..4972851 100644
> --- a/modules/ssh/manifests/init.pp
> +++ b/modules/ssh/manifests/init.pp
> @@ -17,6 +17,12 @@ class ssh::sshd {
> default => $sshd_config_StrictModes
> }
>
> + $sshd_config_sftp = $sshd_config_sftp ? {
> + '' => "/usr/libexec/openssh/sftp-server",
> + default => $sshd_config_sftp
> + }
> +
> +
> file { "/etc/ssh/sshd_config":
> content => template("ssh/sshd_config.erb"),
> mode => 0600,
> diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
> index ea656ec..2e90a99 100644
> --- a/modules/ssh/templates/sshd_config.erb
> +++ b/modules/ssh/templates/sshd_config.erb
> @@ -116,4 +116,4 @@ X11Forwarding yes
> #Banner /some/path
>
> # override default of no subsystems
> -Subsystem sftp /usr/libexec/openssh/sftp-server
> +Subsystem sftp <%= sshd_config_sftp %>
+1 -Toshio
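Review bot: `'/bin/false'` on the added `$sshd_config_sftp` line is an off switch, not an sftp-server path, and the assignment does not say so. A comment above it such as `# disable sftp: sshd_config.erb renders this value as the Subsystem sftp command` would make the intent visible without opening the template. The setting closes only the sftp subsystem; whether scp or other commands stay unreachable depends on how `$restrictedApp` is enforced, which this hunk does not show. The `hosted` class body continues past the hunk.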
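Review bot: On hosts that set `/bin/false` the template still writes a `Subsystem sftp` line, so sftp is turned off by pointing the subsystem at a command that exits, not by removing the subsystem. The comment directly above the changed line says sshd's default is no subsystems, so leaving the line out on those hosts would state the intent in the rendered config itself, for example `<% unless sshd_config_sftp == '/bin/false' %>` before the `Subsystem` line and `<% end %>` after it. With the current form an auditor reading the deployed sshd_config has to know that `/bin/false` means "disabled" here. The rest of the template is outside this hunk.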