summaryrefslogtreecommitdiff
path: root/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
diff options
context:
space:
mode:
Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/server.pp')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp18
1 files changed, 18 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
index 72d8d49..875dc69 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -19,4 +19,22 @@ define sunet::server() {
# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
# }
+ include augeas
+ augeas { "sshd_config":
+ context => "/files/etc/ssh/sshd_config",
+ changes => [
+ "set PasswordAuthentication no",
+ "set X11Forwarding no",
+ "set LogLevel VERBOSE", # log pubkey used for root login
+ ],
+ notify => Service['ssh'],
+ } ->
+ file_line {
+ 'no_sftp_subsystem':
+ path => '/etc/ssh/sshd_config',
+ match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
+ line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
+ notify => Service['ssh'],
+ }
+
}