``profile::ssh_server``
=======================

This profile configures :manpage:`sshd(8)`.

Parameters
----------

==================== ======== =============================================
**Name**             **Type** **Default**
-------------------- -------- ---------------------------------------------
enable_public_key    bool     hiera('ssh_server::enable_public_key', true)
enable_gssapi        bool     hiera('ssh_server::enable_gssapi')
permit_root_login    string   hiera('ssh_server::permit_root_login')
trusted_user_ca_keys list     hiera('ssh_server::trusted_user_ca_keys', [])
user_ca_keys         hash     hiera('ssh_server::user_ca_keys', {})
banner_file          string   hiera('ssh_server::banner_file', undef)
aliases              list     hiera_array('ssh_server::aliases', [])
==================== ======== =============================================

``enable_public_key``
~~~~~~~~~~~~~~~~~~~~~

A boolean determining whether public key authentication is enabled for normal users.

Note that ``root`` is still allowed to connect using public key authentication. To block root login, use ``ssh_server::permit_root_login``; to restrict the hosts from which root may log in, see the bastion host settings ``aaa::bastions`` and ``aaa::use_bastions``.

``enable_gssapi``
~~~~~~~~~~~~~~~~~

A boolean determining whether GSSAPI authentication is enabled or not.

``permit_root_login``
~~~~~~~~~~~~~~~~~~~~~

Sets ``PermitRootLogin`` in the sshd configuration file.

``trusted_user_ca_keys``
~~~~~~~~~~~~~~~~~~~~~~~~

An array containing the user CA keys that will be accepted (as understood by the
``TrustedUserCAKeys`` directive in :manpage:`sshd_config(5)`).

``user_ca_keys``
~~~~~~~~~~~~~~~~

A hash containing the actual keys to be referenced by `trusted_user_ca_keys`_.

``banner_file``
~~~~~~~~~~~~~~~

Where to find a custom banner file on the system.

``aliases``
~~~~~~~~~~~

Adds alternative names (aliases) under which this system can also be reached to the principal list of the SSH server host key certificate.
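
The following Hiera data is an added example, not taken from the project's own configuration; it shows how the parameters above fit together for a host that accepts user certificates and refuses root login. The lookup keys are the ones listed in the parameter table. All values are constructed samples, and the shape of ``user_ca_keys`` (entry name mapped to one public key line) is an assumption, since this page does not define it.

```yaml
# Constructed Hiera data for a host using profile::ssh_server (added example).

# Certificate authentication is part of public key authentication in sshd,
# so it stays enabled on a host that trusts user CAs.
ssh_server::enable_public_key: true
ssh_server::enable_gssapi: false

# The parameter type is string. Quote the value: the Ruby YAML parser used by
# Hiera reads an unquoted no as boolean false, not the string "no".
ssh_server::permit_root_login: 'no'

# Names of the CA entries to accept; each refers to an entry in
# ssh_server::user_ca_keys below.
ssh_server::trusted_user_ca_keys:
  - 'example_user_ca'

# ASSUMPTION: each entry maps a name to one public key line.
# The key material here is a placeholder, not a real key.
ssh_server::user_ca_keys:
  example_user_ca: 'ssh-ed25519 AAAA_PLACEHOLDER_KEY user-ca@example.org'

# Sample path and sample alias, both constructed for this example.
ssh_server::banner_file: '/etc/issue.net'
ssh_server::aliases:
  - 'login.example.org'
```

After Puppet has applied the profile, ``sshd -T`` prints the effective configuration, which can be compared against these values (for example the ``permitrootlogin`` and ``trustedusercakeys`` lines).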