add the sshd_rsa_authentication option, default set to no

diff --git a/manifests/init.pp b/manifests/init.pp
index 413c46a1eef81557ba31ffb0a72049857b8ca4d0..a58ee58ef7169f998e4a9571a0321d89f0be6816 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -55,6 +55,10 @@
 # sshd_pubkey_authentication:  If you want to enable public key authentication
 #                              Valid Values: yes or no
 #                              Default: yes
+#
+# sshd_rsa_authentication:     If you wat to enable RSA Authentication
+#                              Valid Values: yes or no
+#                              Default: no
 
 class sshd {
     include sshd::client 
@@ -105,6 +109,10 @@ class sshd::base {
        '' => 'no',
        default => $sshd_pubkey_authentication
     }
+    $real_sshd_rsa_authentication = $sshd_rsa_authentication ? {
+       '' => 'no',
+       default => $sshd_rsa_authentication
+    }
 
     file { 'sshd_config':
         path => '/etc/ssh/sshd_config',

diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index b0bea46ad41a673e0e8abdc2eaf09bed580ef8e3..a5c9c8900ea05694c04b7280065800cffce5e003 100644 (file)
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -44,7 +44,12 @@ PermitRootLogin without-password
 #StrictModes yes
 #MaxAuthTries 6
 
-#RSAAuthentication yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>

diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index d105ecc64afa0c91a9e5772a01fdfb2f5907763a..985840c1e21b6f64782a5120146b50a4fdf369eb 100644 (file)
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -34,7 +34,12 @@ PermitRootLogin without-password
 <%- end %>
 StrictModes yes
 
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
 RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>

diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index 353875458c2848193d2ac175527b03df419d2cbb..ee27732d5975071fa7837c72f3d84c7c8ba80e6e 100644 (file)
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -47,7 +47,12 @@ PermitRootLogin without-password
 <%- end %>
 #MaxAuthTries 6
 
-#RSAAuthentication yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>

diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index bee3548b7845a74ec4a7381ff747adf3e30364a3..3043922f05751cf633e255d673939c8bafb2582b 100644 (file)
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -40,7 +40,12 @@ PermitRootLogin without-password
 #StrictModes yes
 #MaxAuthTries 6
 
-#RSAAuthentication yes
+<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+RSAAuthentication yes
+<%- else %>
+RSAAuthentication no
+<%- end %>
+
 <%- if real_sshd_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>