Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Allow mga-unrestricted_shell_access group login on duvel | Olivier Blin | 2017-02-21 | 1 | -1/+1 |
| | | | | Also-by: Dan Fandrich <dan@coneharvesters.com> | ||||
* | Remove unnecessary AllowGroups sshd restriction on rabbit | Olivier Blin | 2017-02-21 | 1 | -4/+0 |
| | | | | | | | | This is already covered by pam.d/system-auth, which only allows local users and authorized access classes. Otherwise, login fails: sshd[1234]: fatal: Access denied for user XXX by PAM account configuration [preauth] | ||||
* | Disable password for ssh on all machines | Pascal Terjan | 2016-10-13 | 1 | -1/+1 |
| | |||||
* | Allow iurt to ssh to rabbit | Pascal Terjan | 2016-10-13 | 1 | -1/+1 |
| | |||||
* | Restrict ssh access on rabbit | Pascal Terjan | 2016-10-13 | 1 | -0/+4 |
| | |||||
* | Allow members of mga-sysadmin to log in via ssh | Dan Fandrich | 2016-02-19 | 1 | -1/+1 |
| | | | | | This only works on hosts where users' ssh keys are copied, namely those including openssh::ssh_keys_from_ldap | ||||
* | openssh: do not force command for git user | Olivier Blin | 2016-02-07 | 1 | -1/+2 |
| | | | | | The "gitolite <username>" is already set in /var/lib/git/.ssh/authorized_keys, and we do not want to override it. | ||||
* | openssh: fix forcing sv_membersh command | Olivier Blin | 2016-02-07 | 1 | -1/+1 |
| | | | | | | | | | | The following rule did not work as intended: Match User !schedbot User !root This one does (with a leading wildcard): Match User *,!schedbot,!root See http://superuser.com/questions/952235/why-arent-my-negative-matches-working | ||||
* | Force sv_membersh.pl in ssh on duvel | Pascal Terjan | 2016-02-07 | 1 | -0/+4 |
| | | | | | That way we don't need to have it as default shell for everyone on the machine It should probably not hardcode duvel though | ||||
* | disable tcp forwarding, so people cannot use our svn server to bounce to ↵ | Michael Scherer | 2011-01-07 | 1 | -1/+1 |
| | | | | others server | ||||
* | the previous trick didn't work as tags are dependent in the order of | Michael Scherer | 2010-11-23 | 1 | -4/+0 |
| | | | | declaration ( and that's bad (tm) ). This one is safer. | ||||
* | move the ldap key from ssh logic to openssh module ( more logical ), and add ↵ | Michael Scherer | 2010-11-23 | 1 | -0/+5 |
| | | | | the hook in openssh config file | ||||
* | - use pam for openssh ( I am not sure if we need to restrict its use | Michael Scherer | 2010-11-23 | 1 | -1/+1 |
| | | | | only on ldap hosts ) | ||||
* | - add openssh module | Michael Scherer | 2010-10-26 | 1 | -0/+122 |