Diffstat (limited to 'modules/openssh')
-rwxr-xr-x | modules/openssh/templates/ldap-sshkey2file.py | 8 | ||||
-rw-r--r-- | modules/openssh/templates/sshd_config | 15 |
2 files changed, 4 insertions, 19 deletions
diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 6718b053..934e2865 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -15,7 +15,7 @@ except ImportError:
 print("Please install python-ldap before running this program")
 sys.exit(1)
-basedn = "<%= dc_suffix %>"
+basedn = "<%= @dc_suffix %>"
 peopledn = f"ou=people,{basedn}"
 <%- ldap_servers.map! { |l| "'ldaps://#{l}'" }
@@ -24,9 +24,9 @@ uris = [<%= ldap_servers.join(", ") %>]
 random.shuffle(uris)
 uri = " ".join(uris)
 timeout = 5
-binddn = f"cn=<%= fqdn %>,ou=Hosts,{basedn}"
-ldap_secret_file = "<%= ldap_pwfile %>"
-nslcd_conf_file = "<%= nslcd_conf_file %>"
+binddn = f"cn=<%= @fqdn %>,ou=Hosts,{basedn}"
+ldap_secret_file = "<%= @ldap_pwfile %>"
+nslcd_conf_file = "<%= @nslcd_conf_file %>"
 # filter out disabled accounts also
 # too bad uidNumber doesn't support >= filters
 objfilter = "(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*))"
diff --git a/modules/openssh/templates/sshd_config b/modules/openssh/templates/sshd_config
index 43c3f9c5..56ddd725 100644
--- a/modules/openssh/templates/sshd_config
+++ b/modules/openssh/templates/sshd_config
@@ -18,18 +18,10 @@
 # The default requires explicit activation of protocol 1
 #Protocol 2
-<% if scope.function_versioncmp([lsbdistrelease, '6']) < 0 -%>
-# HostKey for protocol version 1
-HostKey /etc/ssh/ssh_host_key
-<% end %>
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
-<% if scope.function_versioncmp([lsbdistrelease, '6']) < 0 -%>
-HostKey /etc/ssh/ssh_host_dsa_key
-<% else %>
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
-<% end %>
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
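Review bot: `ldap_servers` is still read as a bare name in the context line `<%- ldap_servers.map! { |l| "'ldaps://#{l}'" }` and in the `uris = [<%= ldap_servers.join(", ") %>]` line shown in the next hunk header, while every other lookup in this file moves to the `@` form. Unless it is a template-local assigned above this hunk (not visible here), it needs the same conversion. Because `map!` rewrites the array in place, converting it directly would modify the value held in Puppet's scope, so a local copy is safer: `<%- ldap_uris = @ldap_servers.map { |l| "'ldaps://#{l}'" }` together with `uris = [<%= ldap_uris.join(", ") %>]`. The ERB block opened on that context line closes outside the hunk.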
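Review bot: With the `@` form an unset variable is `nil` and renders as an empty string, so if the manifest ever fails to set `@ldap_pwfile` or `@nslcd_conf_file` the generated script gets `ldap_secret_file = ""` and only fails when it runs on the host; the same applies to `@fqdn` here and `@dc_suffix` in the previous hunk. A guard near the top of the template, for example `<%- raise Puppet::ParseError, 'ldap_pwfile is not set' if @ldap_pwfile.to_s.empty? -%>`, would surface that at catalog compilation instead. `@fqdn` is also placed inside a Python f-string and an LDAP DN without escaping, which is fine for a well-formed hostname but deserves a comment such as `# fqdn is assumed to contain only hostname characters (no quotes, braces or commas)`.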
@@ -106,9 +98,6 @@ X11Forwarding yes
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-<% if scope.function_versioncmp([lsbdistrelease, '6']) < 0 -%>
-UsePrivilegeSeparation yes
-<% end %>
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
@@ -123,11 +112,7 @@ UsePrivilegeSeparation yes
 #Banner none
 # override default of no subsystems
-<% if scope.function_versioncmp([lsbdistrelease, '6']) < 0 -%>
-Subsystem sftp <%= path_to_sftp %>/sftp-server
-<% else %>
 Subsystem sftp /usr/libexec/openssh/sftp-server
-<% end %>
 # Example of overriding settings on a per-user basis
 #Match User anoncvs |