puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ssh/templates/ssh_config.erb
Abel Paz b48e066f21 Additional parameters for ssh_config 
To allow the following options to be configured in ssh_config
* StrictHostKeyChecking
* EnableSSHKeysign
* HostbasedAuthentication for ssh_client
2016-06-04 10:36:17 -04:00

103 lines
3.5 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# This file is being maintained by Puppet.
# DO NOT EDIT
# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes
# HostbasedAuthentication no
<% if @ssh_hostbasedauthentication -%>
HostbasedAuthentication <%= @ssh_hostbasedauthentication %>
<% end -%>
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
<% if @ssh_strict_host_key_checking -%>
StrictHostKeyChecking <%= @ssh_strict_host_key_checking %>
<% end -%>
# IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
<% if @ssh_config_ciphers -%>
Ciphers <%= @ssh_config_ciphers.join(',') %>
<% end -%>
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# HashKnownHosts no
<% if @ssh_config_hash_known_hosts_real != nil -%>
HashKnownHosts <%= @ssh_config_hash_known_hosts_real %>
<% end -%>
<% if @ssh_config_global_known_hosts_file -%>
GlobalKnownHostsFile <%= @ssh_config_global_known_hosts_file %>
<% end -%>
Host *
# GSSAPIAuthentication yes
GSSAPIAuthentication <%= @ssh_gssapiauthentication %>
<% if @ssh_gssapidelegatecredentials != nil -%>
GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
<% end -%>
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
<% if @ssh_config_forward_x11_trusted_real != nil -%>
ForwardX11Trusted <%= @ssh_config_forward_x11_trusted_real %>
<% end -%>
<% if @ssh_config_forward_agent != nil -%>
ForwardAgent <%= @ssh_config_forward_agent %>
<% end -%>
<% if @ssh_config_forward_x11 != nil -%>
ForwardX11 <%= @ssh_config_forward_x11 %>
<% end -%>
<% if (@ssh_config_use_roaming_real == 'yes') or (@ssh_config_use_roaming_real == 'no') -%>
UseRoaming <%= @ssh_config_use_roaming_real %>
<% end -%>
<% if @ssh_config_server_alive_interval != nil -%>
ServerAliveInterval <%= @ssh_config_server_alive_interval %>
<% end -%>
<% if @ssh_sendenv_real == true -%>
# Send locale-related environment variables
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
<% if @ssh_config_sendenv_xmodifiers_real == true -%>
SendEnv XMODIFIERS
<% end -%>
<% end -%>
<% if @ssh_config_macs -%>
MACs <%= @ssh_config_macs.join(',') %>
<% end -%>
<% if @ssh_enable_ssh_keysign -%>
# EnableSSHKeysign no
EnableSSHKeysign yes
<% end -%>
Reference in New Issue View Git Blame Copy Permalink