Merge "nova-migration-target: Restrict access to the core sshd"
This commit is contained in:
commit
30142f0a6b
|
@ -125,25 +125,25 @@ outputs:
|
||||||
- 22
|
- 22
|
||||||
tripleo::profile::base::sshd::password_authentication: 'no'
|
tripleo::profile::base::sshd::password_authentication: 'no'
|
||||||
tripleo::profile::base::sshd::options:
|
tripleo::profile::base::sshd::options:
|
||||||
# NOTE(tkajinam): Thse values inherits the default sshd options
|
|
||||||
HostKey:
|
HostKey:
|
||||||
- '/etc/ssh/ssh_host_rsa_key'
|
- '/etc/ssh/ssh_host_rsa_key'
|
||||||
- '/etc/ssh/ssh_host_ecdsa_key'
|
- '/etc/ssh/ssh_host_ecdsa_key'
|
||||||
- '/etc/ssh/ssh_host_ed25519_key'
|
- '/etc/ssh/ssh_host_ed25519_key'
|
||||||
SyslogFacility: 'AUTHPRIV'
|
SyslogFacility: 'AUTHPRIV'
|
||||||
|
AllowUsers: 'nova_migration'
|
||||||
AuthorizedKeysFile: '.ssh/authorized_keys'
|
AuthorizedKeysFile: '.ssh/authorized_keys'
|
||||||
ChallengeResponseAuthentication: 'no'
|
ChallengeResponseAuthentication: 'no'
|
||||||
GSSAPIAuthentication: 'no'
|
GSSAPIAuthentication: 'no'
|
||||||
GSSAPICleanupCredentials: 'no'
|
GSSAPICleanupCredentials: 'no'
|
||||||
UsePAM: 'yes'
|
UsePAM: 'yes'
|
||||||
UseDNS: 'no'
|
UseDNS: 'no'
|
||||||
X11Forwarding: 'yes'
|
AllowTcpForwarding: 'no'
|
||||||
|
X11Forwarding: 'no'
|
||||||
AcceptEnv:
|
AcceptEnv:
|
||||||
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
|
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
|
||||||
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
|
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
|
||||||
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
|
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
|
||||||
- 'XMODIFIERS'
|
- 'XMODIFIERS'
|
||||||
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
|
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: nova_libvirt
|
config_volume: nova_libvirt
|
||||||
step_config:
|
step_config:
|
||||||
|
|
Loading…
Reference in New Issue