opendev/system-config
Code Issues Proposed changes

Fix the sshd config to for inbound ansible

Browse Source 
The ssh keys were changed to not tie to a forced-command, but the
sshd config was missed.

Change-Id: I889f7983d0e7d0e1b48d825c7d63cf678782d169
This commit is contained in:
Monty Taylor 2014-07-04 10:48:12 -07:00
parent 034f37c32a
commit c21ec94066
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
modules/ssh/templates/sshd_config.erb
View File

@ -23,7 +23,7 @@ LogLevel INFO
# Authentication: # Authentication:
LoginGraceTime 120 LoginGraceTime 120
PermitRootLogin forced-commands-only PermitRootLogin no
StrictModes yes StrictModes yes
RSAAuthentication yes RSAAuthentication yes
@ -84,3 +84,10 @@ Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
# PAM authentication, then enable this but set PasswordAuthentication # PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'. # and ChallengeResponseAuthentication to 'no'.
UsePAM yes UsePAM yes
# allow ansible connections from puppetmaster host
Match host ci-puppetmaster.openstack.org
PermitRootLogin without-password
Match host puppetmaster.openstack.org
PermitRootLogin without-password