Restrict ssh access on rabbit

author: Pascal Terjan <pterjan@gmail.com> 2016-10-13 09:09:45 +0100
committer: Pascal Terjan <pterjan@gmail.com> 2016-10-13 09:10:04 +0100
commit: 18b4f718ba614d67979bf1b94078ab4d6e8aa259 (patch)
tree: 131454d9c844b1e1df44388698c4ae55e23e3d3e /modules/openssh/templates
parent: 27412705c151fd417df371b50c153d902b27c8b0 (diff)
download: puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar
puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar.gz
puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar.bz2
puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar.xz
puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config
index ba197164..19a56cfa 100644
--- a/modules/openssh/templates/sshd_config
+++ b/modules/openssh/templates/sshd_config
@@ -126,3 +126,7 @@ Subsystem	sftp	<%= path_to_sftp %>/sftp-server
 Match User *,!schedbot,!root,!git Group *,!mga-sysadmin
         ForceCommand /usr/local/bin/sv_membersh.pl -c "$SSH_ORIGINAL_COMMAND"
 <% end %>
+
+<% if @hostname == 'rabbit' then %>
+AllowGroups root mga-unrestricted_shell_access mga-iso_makers mga-sysadmin
+<% end %>
author	Pascal Terjan <pterjan@gmail.com>	2016-10-13 09:09:45 +0100
committer	Pascal Terjan <pterjan@gmail.com>	2016-10-13 09:10:04 +0100
commit	18b4f718ba614d67979bf1b94078ab4d6e8aa259 (patch)
tree	131454d9c844b1e1df44388698c4ae55e23e3d3e /modules/openssh/templates
parent	27412705c151fd417df371b50c153d902b27c8b0 (diff)
download	puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar.gz puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar.bz2 puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.tar.xz puppet-18b4f718ba614d67979bf1b94078ab4d6e8aa259.zip