Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/172804
Change subject: ssh server: make PermitRootLogin configurable
......................................................................
ssh server: make PermitRootLogin configurable
Change-Id: I2ff3755b5c0842aae0367d63a25a079aace1a509
---
M modules/ssh/manifests/server.pp
M modules/ssh/templates/sshd_config.erb
2 files changed, 6 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/04/172804/1
diff --git a/modules/ssh/manifests/server.pp b/modules/ssh/manifests/server.pp
index 985e486..9200077 100644
--- a/modules/ssh/manifests/server.pp
+++ b/modules/ssh/manifests/server.pp
@@ -1,6 +1,7 @@
class ssh::server (
$listen_port = '22',
$listen_addr = 'ALL',
+ $permit_root = true,
) {
package { 'openssh-server':
ensure => latest;
diff --git a/modules/ssh/templates/sshd_config.erb
b/modules/ssh/templates/sshd_config.erb
index 318a5ef..c6087f2 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -28,7 +28,12 @@
# Authentication:
LoginGraceTime 120
+<% if @permit_root %>
PermitRootLogin yes
+<% else %>
+PermitRootLogin no
+<% end %>
+
StrictModes yes
RSAAuthentication yes
--
To view, visit https://gerrit.wikimedia.org/r/172804
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2ff3755b5c0842aae0367d63a25a079aace1a509
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
