From 231f3f2e471d7ecfc272d428a2116c90e3b176e8 Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen
Date: Sat, 13 Apr 2019 22:02:19 +0200
Subject: [PATCH] Initial work on splitting sshd settings between source = debian.org and not
---
 modules/ssh/templates/sshd_config.erb | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index e96591d37..8463fe600 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -49,6 +49,17 @@ AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userk
 
 PasswordAuthentication no
 
+Match Address <%=
+ allnodeinfo = scope.lookupvar('site::allnodeinfo')
+ dbs = []
+ allnodeinfo.keys.sort.each do |node|
+ next unless allnodeinfo[node].has_key?('ipHostNumber')
+ dbs << allnodeinfo[node]['ipHostNumber']
+ end
+ dbs.flatten.join(',')
+%>
+ Banner "You're coming from a debian.org host"
+
 Match Group sftponly
 AllowStreamLocalForwarding no
 AllowTCPForwarding no
-- 
2.20.1
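Review bot: The `Match Address <%= ... %>` line is emitted even when no node in `site::allnodeinfo` carries `ipHostNumber`, which leaves a `Match Address` with no pattern; sshd is expected to reject that as a configuration error, so a host could be left with an sshd that will not restart. Build the address list first and render the whole Match block only when the list is non-empty, as in the excerpt below. The values are also joined into the config verbatim, so it is worth confirming upstream that `ipHostNumber` entries can only be address literals, with no whitespace or newlines. The file resource is outside this patch; if it does not already do so, `validate_cmd => '/usr/sbin/sshd -t -f %'` on it would stop an unparsable file from being installed.

```erb
<%
  allnodeinfo = scope.lookupvar('site::allnodeinfo')
  addrs = allnodeinfo.keys.sort.flat_map { |node| Array(allnodeinfo[node]['ipHostNumber']) }
-%>
<% unless addrs.empty? -%>
Match Address <%= addrs.join(',') %>
  Banner "You're coming from a debian.org host"

<% end -%>
<%# … unchanged: Match Group sftponly block … %>
```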