instack-undercloud/elements/puppet-stack-config/os-apply-config/etc/puppet
Cédric Jeanneret ed96987af5 Set Red Hat default SSHD configuration properly
Currently, the sshd configuration generated on RHEL does not reflect
the default RHEL configuration:

Port 22

AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
PrintMotd no
Subsystem sftp /usr/libexec/openssh/sftp-server
UsePAM yes
X11Forwarding yes

The default RHEL sshd configuration has some more stuff in it, especially
regarding the logging and accepted environments:

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
AuthorizedKeysFile	.ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem	sftp	/usr/libexec/openssh/sftp-server

In addition, with release >Queens, the configuration is managed directly in
tripleo-heat-templates, and will look like the standard RHEL one.

Change-Id: I4803615fb6b8066b0c1afe2b0b7cbbd9d50aff40
2018-08-09 10:43:30 +02:00
..
hieradata Set Red Hat default SSHD configuration properly 2018-08-09 10:43:30 +02:00