Add @trusted_ssh_type for user to override

We need to expose the ability to override the type of match we want to
do. For example, we want to do match address 1.2.3.4 in sshd_config.

Change-Id: I28c5d71e62a62bd27f289a8bd70b235eac213e5c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Paul Belanger 2016-08-01 12:46:45 -04:00
parent 5d55606789
commit fa71d35cab
No known key found for this signature in database
GPG Key ID: 611A80832067AF38
2 changed files with 2 additions and 1 deletions


@ -1,6 +1,7 @@
# == Class: ssh
#
class ssh (
$trusted_ssh_type = 'host',
$trusted_ssh_source = 'puppetmaster.openstack.org',
$permit_root_login = 'no',
) {
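Review bot: the new `$trusted_ssh_type` parameter is neither documented nor validated in the class header. The `# == Class: ssh` comment block has no parameter description, and any string passed here is written verbatim into the `Match` line of sshd_config. Please document the parameter next to `$trusted_ssh_source` and restrict it to the criteria you intend to support (for example `host` and `address`, the two named in the commit message), failing the catalog on anything else. Since the matched block sets `PermitRootLogin without-password`, a criterion such as `user` or `group` would change who gets root login rather than where it is allowed from, and that should not be possible by accident.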


@ -86,7 +86,7 @@ Subsystem sftp <%= scope.lookupvar('::ssh::params::sftp_path') %>
UsePAM yes
# allow ansible connections from puppetmaster host
Match host <%= @trusted_ssh_source %>
Match <%= @trusted_ssh_type %> <%= @trusted_ssh_source %>
PermitRootLogin without-password
# allow ansible connections from localhost
Match host localhost
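Review bot: on the `Match <%= @trusted_ssh_type %> <%= @trusted_ssh_source %>` line, two independently set parameters now have to agree, and nothing checks that they do. Changing the type to `address` while leaving the default source `puppetmaster.openstack.org` produces a Match block that never applies, and a misspelled type produces a config that sshd refuses to load. Consider validating the rendered file with `sshd -t` before it replaces the live config. The comment above the line still says "puppetmaster host", which becomes misleading once the type is overridden; rewording it to "trusted source" would keep it accurate. It would also help to note for users that `host` matching depends on reverse DNS for the client, whereas `address` matches the connection's source IP directly.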