aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOlivier Blin <dev@blino.org>2017-02-21 00:19:36 +0100
committerOlivier Blin <dev@blino.org>2017-02-21 00:21:18 +0100
commitaf5755008e0b640979d321bc2019e9c7be8fe194 (patch)
tree30c3d532ade44b973f3ffcfb154d8b611bf5a819
parentee3d1f0a13906b61054178ba1a396cf3d955f2bc (diff)
downloadpuppet-af5755008e0b640979d321bc2019e9c7be8fe194.tar
puppet-af5755008e0b640979d321bc2019e9c7be8fe194.tar.gz
puppet-af5755008e0b640979d321bc2019e9c7be8fe194.tar.bz2
puppet-af5755008e0b640979d321bc2019e9c7be8fe194.tar.xz
puppet-af5755008e0b640979d321bc2019e9c7be8fe194.zip
Remove unnecessary AllowGroups sshd restriction on rabbit
This is already covered by pam.d/system-auth, which only allows local users and authorized access classes. Otherwise, login fails: sshd[1234]: fatal: Access denied for user XXX by PAM account configuration [preauth]
-rw-r--r--modules/openssh/templates/sshd_config4
1 files changed, 0 insertions, 4 deletions
diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config
index ebf595d4..9faa314b 100644
--- a/modules/openssh/templates/sshd_config
+++ b/modules/openssh/templates/sshd_config
@@ -126,7 +126,3 @@ Subsystem sftp <%= path_to_sftp %>/sftp-server
Match User *,!schedbot,!root,!git Group *,!mga-sysadmin
ForceCommand /usr/local/bin/sv_membersh.pl -c "$SSH_ORIGINAL_COMMAND"
<% end %>
-
-<% if @hostname == 'rabbit' then %>
-AllowGroups root mga-unrestricted_shell_access mga-iso_makers mga-sysadmin iurt
-<% end %>