Diffstat (limited to 'global/overlay/etc')
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
index 72d8d49..875dc69 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -19,4 +19,22 @@ define sunet::server() {
 # proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
 # }
+ include augeas
+ augeas { "sshd_config":
+ context => "/files/etc/ssh/sshd_config",
+ changes => [
+ "set PasswordAuthentication no",
+ "set X11Forwarding no",
+ "set LogLevel VERBOSE", # log pubkey used for root login
+ ],
+ notify => Service['ssh'],
+ } ->
+ file_line {
+ 'no_sftp_subsystem':
+ path => '/etc/ssh/sshd_config',
+ match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
+ line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
+ notify => Service['ssh'],
+ }
+ } |
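Review bot: The `file_line` resource 'no_sftp_subsystem' only disables SFTP when sshd_config holds the Subsystem line with exactly this spacing and path. If the file uses tabs, another binary path or `internal-sftp`, `match` finds nothing and file_line by default just appends the commented line, so the active `Subsystem sftp` entry stays in effect and the run still reports success. Since the same hunk already edits the file through augeas, adding `"rm Subsystem/sftp",` to the `changes` list would remove the entry whatever its value (assuming the stock Sshd lens layout); failing that, a tolerant pattern such as `match => '^#?\s*Subsystem\s+sftp\s'` would help. Separately, `PasswordAuthentication no` does not cover keyboard-interactive logins through PAM, so if key-only access is the intent the list should probably also carry `"set ChallengeResponseAuthentication no",`. The body of `define sunet::server()` starts above the hunk, so I cannot tell whether either point is handled earlier.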