From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 13 Apr 2019 20:02:19 +0000 (+0200)
Subject: Initial work on splitting sshd settings between source = debian.org and not
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=231f3f2e471d7ecfc272d428a2116c90e3b176e8;p=mirror%2Fdsa-puppet.git

Initial work on splitting sshd settings between source = debian.org and not
---

diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index e96591d37..8463fe600 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -49,6 +49,17 @@ AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userk
 
 PasswordAuthentication no
 
+Match Address <%=
+  allnodeinfo = scope.lookupvar('site::allnodeinfo')
+  dbs = []
+  allnodeinfo.keys.sort.each do |node|
+      next unless allnodeinfo[node].has_key?('ipHostNumber')
+      dbs << allnodeinfo[node]['ipHostNumber']
+  end
+  dbs.flatten.join(',')
+%>
+  Banner "You're coming from a debian.org host"
+
 Match Group sftponly
   AllowStreamLocalForwarding no
   AllowTCPForwarding no