From: Peter Palfrader Date: Mon, 8 Nov 2010 12:32:03 +0000 (+0100) Subject: Make ssh_config a template X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4787bbcdefd4b94330746589d40808d5ce02ff9e;p=mirror%2Fdsa-puppet.git Make ssh_config a template --- diff --git a/modules/ssh/files/ssh_config b/modules/ssh/files/ssh_config deleted file mode 100644 index 1ae92b5cc..000000000 --- a/modules/ssh/files/ssh_config +++ /dev/null @@ -1,51 +0,0 @@ -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -Host * -# ForwardAgent no -# ForwardX11 no -# ForwardX11Trusted yes -# RhostsRSAAuthentication no -# RSAAuthentication yes -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# GSSAPIKeyExchange no -# GSSAPITrustDNS no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no - SendEnv LANG LC_* - HashKnownHosts no - GSSAPIAuthentication no - GSSAPIDelegateCredentials no - VerifyHostKeyDNS yes diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp index 271c8bdff..a91618888 100644 --- a/modules/ssh/manifests/init.pp +++ b/modules/ssh/manifests/init.pp @@ -5,7 +5,7 @@ class ssh { } file { "/etc/ssh/ssh_config": - source => [ "puppet:///modules/ssh/ssh_config" ], + content => template("ssh/ssh_config.erb"), require => Package["openssh-client"] ; "/etc/ssh/sshd_config": diff --git a/modules/ssh/templates/ssh_config.erb b/modules/ssh/templates/ssh_config.erb new file mode 100644 index 000000000..1ae92b5cc --- /dev/null +++ b/modules/ssh/templates/ssh_config.erb @@ -0,0 +1,51 @@ +# This is the ssh client system-wide configuration file. See +# ssh_config(5) for more information. This file provides defaults for +# users, and the values can be changed in per-user configuration files +# or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. + +# Site-wide defaults for some commonly used options. For a comprehensive +# list of available options, their meanings and defaults, please see the +# ssh_config(5) man page. + +Host * +# ForwardAgent no +# ForwardX11 no +# ForwardX11Trusted yes +# RhostsRSAAuthentication no +# RSAAuthentication yes +# PasswordAuthentication yes +# HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no +# GSSAPIKeyExchange no +# GSSAPITrustDNS no +# BatchMode no +# CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 +# StrictHostKeyChecking ask +# IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_rsa +# IdentityFile ~/.ssh/id_dsa +# Port 22 +# Protocol 2,1 +# Cipher 3des +# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc +# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 +# EscapeChar ~ +# Tunnel no +# TunnelDevice any:any +# PermitLocalCommand no + SendEnv LANG LC_* + HashKnownHosts no + GSSAPIAuthentication no + GSSAPIDelegateCredentials no + VerifyHostKeyDNS yes