X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fssh%2Ftemplates%2Fsshd_config.erb;h=fb38fe034ff10314b976f6757764e0da2713079d;hb=3d94f8bca5eb74b1247f0825541bcc07906ac6da;hp=e96591d3777c3f116c3f4f2436c2c38cda1a6414;hpb=1c4462a9e0cae6d84dfb052f7152f9c8b425c8d7;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index e96591d37..fb38fe034 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -49,6 +49,28 @@ AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userk
 PasswordAuthentication no
+<%=
+ allnodeinfo = scope.lookupvar('site::allnodeinfo')
+ out = ''
+ settings = '# Banner "You are coming from a debian.org host."'
+ allnodeinfo.keys.sort.each do |node|
+ next unless allnodeinfo[node].has_key?('ipHostNumber')
+ out += "# Match Address "
+ out += allnodeinfo[node]['ipHostNumber'].collect do |ipnum|
+ if ipnum =~ /:/
+ "#{ipnum}/128"
+ else
+ "#{ipnum}/32"
+ end
+ end.join(',')
+ out += " # #{node}"
+ out += "\n"
+ out += settings
+ out += "\n\n"
+ end
+ out
+%>
+
 Match Group sftponly
 AllowStreamLocalForwarding no
 AllowTCPForwarding no
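Review bot: The `ipHostNumber` values and the node name are written into sshd_config verbatim, in the `collect` block and in `out += " # #{node}"`, so a value carrying a newline would end the `#` comment and leave the remainder as a live directive; the `=~ /:/` test only chooses the prefix length and validates nothing. Parsing each address first, e.g. `ip = IPAddr.new(ipnum); "#{ip}/#{ip.ipv6? ? 128 : 32}"` (with `require 'ipaddr'`), would make a malformed entry fail the catalog run instead of reaching the file. Wrapping the lookup as `Array(allnodeinfo[node]['ipHostNumber'])` would also cover a node whose attribute arrives as a single string rather than a list, which this hunk does not rule out. If these blocks are later uncommented, confirm that the deployed sshd accepts the trailing `# node` text on a `Match` line, or move the node name to its own comment line above it.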