Initial work on splitting sshd settings between source = debian.org and not

author Tollef Fog Heen <tfheen@err.no>

Sat, 13 Apr 2019 20:02:19 +0000 (22:02 +0200)

committer Tollef Fog Heen <tfheen@err.no>

Sat, 13 Apr 2019 20:02:22 +0000 (22:02 +0200)
author Tollef Fog Heen <tfheen@err.no>
Sat, 13 Apr 2019 20:02:19 +0000 (22:02 +0200)
committer Tollef Fog Heen <tfheen@err.no>
Sat, 13 Apr 2019 20:02:22 +0000 (22:02 +0200)
diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb

index e96591d..8463fe6 100644 (file)
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -49,6 +49,17 @@ AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userk
  
  PasswordAuthentication no
  
+Match Address <%=
+  allnodeinfo = scope.lookupvar('site::allnodeinfo')
+  dbs = []
+  allnodeinfo.keys.sort.each do |node|
+      next unless allnodeinfo[node].has_key?('ipHostNumber')
+      dbs << allnodeinfo[node]['ipHostNumber']
+  end
+  dbs.flatten.join(',')
+%>
+  Banner "You're coming from a debian.org host"
+
  Match Group sftponly
    AllowStreamLocalForwarding no
    AllowTCPForwarding no
author	Tollef Fog Heen <tfheen@err.no>
	Sat, 13 Apr 2019 20:02:19 +0000 (22:02 +0200)
committer	Tollef Fog Heen <tfheen@err.no>
	Sat, 13 Apr 2019 20:02:22 +0000 (22:02 +0200)