add the variable sshd_authorized_keys_file with the default set to the normal: %h...

diff --git a/manifests/init.pp b/manifests/init.pp
index c2f318c83ffcbe05115500423c8a2b6b8bf3162e..484103854dcc502cea8789b3312a1a50ec484a7b 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -83,6 +83,10 @@
 #
 # sshd_port:                    If you want to specify a different port than the default 22
 #                               Default: 22
+#
+# sshd_authorized_keys_file:    Set this to the location of the AuthorizedKeysFile (e.g. /etc/ssh/authorized_keys/%u)
+#                               Default: AuthorizedKeysFile    %h/.ssh/authorized_keys
+#
 
 class sshd {
     include sshd::client 
@@ -165,7 +169,11 @@ class sshd::base {
       '' => 22,
       default => $sshd_port
     }
-    
+    $real_sshd_authorized_keys_file = $sshd_authorized_keys_file ? {
+      '' => "%h/.ssh/authorized_keys",
+      default => $sshd_authorized_keys_file
+    }
+      
     file { 'sshd_config':
         path => '/etc/ssh/sshd_config',
         owner => root,

diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index 3217b4e3854438eca0004b13579afb73a610d6cc..3ec0f41c72707a690e945d003f12f3f0cbc6b5ef 100644 (file)
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -66,7 +66,12 @@ PubkeyAuthentication yes
 <%- else %>
 PubkeyAuthentication no
 <%- end %>
-#AuthorizedKeysFile    .ssh/authorized_keys
+
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>

diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index 7cdb5f261bdd6c4b076e7ed3964ef730f7603e0d..a1e1ece097d4e98246fdd5036b273bfff90095f2 100644 (file)
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -57,7 +57,11 @@ PubkeyAuthentication yes
 PubkeyAuthentication no
 <%- end %>
 
-#AuthorizedKeysFile    %h/.ssh/authorized_keys
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
 
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>

diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index c8e2ee1117fe88bd8275a9b601d319faa2356068..4acfb40e66357c8552488b3943fbd14955a9c450 100644 (file)
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -69,7 +69,12 @@ PubkeyAuthentication yes
 <%- else %>
 PubkeyAuthentication no
 <%- end %>
-#AuthorizedKeysFile    .ssh/authorized_keys
+
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>

diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index 139613a7b01df665cf5a570ab126e1f0eea64551..b36a988c00289623697da22ae5bf3f1b57cbc1a6 100644 (file)
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -63,7 +63,11 @@ PubkeyAuthentication yes
 PubkeyAuthentication no
 <%- end %>
 
-#AuthorizedKeysFile    .ssh/authorized_keys
+<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- else %>
+AuthorizedKeysFile %h/.ssh/authorized_keys
+<%- end %>
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>