infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-11-25 14:41:28 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #14983 from rocky-linux/develop

Browse Source 
no passwords
This commit is contained in:
Louis Abel 2021-02-02 00:48:10 -07:00 committed by GitHub
commit a755c87a7c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/playbooks/templates/etc/ssh/RedHat-7-sshd_config.j2
View File

@ -62,7 +62,6 @@ AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here! # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes #PasswordAuthentication yes
#PermitEmptyPasswords no #PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes #ChallengeResponseAuthentication yes
@ -154,3 +153,8 @@ Ciphers aes256-ctr,aes192-ctr,aes128-ctr
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody AuthorizedKeysCommandUser nobody
ChallengeResponseAuthentication yes ChallengeResponseAuthentication yes
PasswordAuthentication no
{% if 'gitlabservers' in group_names %}
AllowUsers git@* *@10.*
{% endif %}

6
ansible/playbooks/templates/etc/ssh/RedHat-8-sshd_config.j2
View File

@ -70,7 +70,6 @@ AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here! # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes #PasswordAuthentication yes
#PermitEmptyPasswords no #PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes #ChallengeResponseAuthentication yes
@ -166,3 +165,8 @@ Ciphers aes256-ctr,aes192-ctr,aes128-ctr
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody AuthorizedKeysCommandUser nobody
ChallengeResponseAuthentication yes ChallengeResponseAuthentication yes
PasswordAuthentication no
{% if 'gitlabservers' in group_names %}
AllowUsers git@* *@10.*
{% endif %}