Authorized keys custom path

lubomir-kacalek · lubomir-kacalek · commit 73e8996fad74 · 2017-03-30T14:52:34.000+02:00
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -99,6 +99,7 @@
 default['ssh-hardening']['ssh']['server']['password_authentication']  = false
 default['ssh-hardening']['ssh']['server']['log_level']                = 'verbose'
 default['ssh-hardening']['ssh']['server']['accept_env']               = ['LANG', 'LC_*', 'LANGUAGE']
+default['ssh-hardening']['ssh']['server']['authorized_keys_path']     = nil     # if not nil, full path to an authorized keys folder is expected
 
 # sshd sftp options
 default['ssh-hardening']['ssh']['server']['sftp']['enable']           = false
diff --git a/templates/default/opensshd.conf.erb b/templates/default/opensshd.conf.erb
@@ -96,6 +96,11 @@ MaxStartups 10:30:100
 # Enable public key authentication
 PubkeyAuthentication yes
 
+<% if @node['ssh-hardening']['ssh']['server']['authorized_keys_path'] != nil %>
+# Customized authorized keys path
+AuthorizedKeysFile <%= @node['ssh-hardening']['ssh']['server']['authorized_keys_path'] %>
+<% end %>
+
 # Never use host-based authentication. It can be exploited.
 IgnoreRhosts yes
 IgnoreUserKnownHosts yes
