File tree 3 files changed +5
-11
lines changed
3 files changed +5
-11
lines changed Original file line number Diff line number Diff line change @@ -34,6 +34,7 @@ This cookbook provides secure ssh-client and ssh-server configurations.
3434* ` ['ssh']['remote_hosts'] ` - one or more hosts, to which ssh-client can connect to. Default is empty, but should be configured for security reasons!
3535* ` ['ssh']['allow_tcp_forwarding'] ` - ` false ` to disable TCP Forwarding. Set to ` true ` to allow TCP Forwarding
3636* ` ['ssh']['allow_agent_forwarding'] ` - ` false ` to disable Agent Forwarding. Set to ` true ` to allow Agent Forwarding
37+ * ` ['ssh']['allow_x11_forwarding'] ` - ` false ` to disable X11 Forwarding. Set to ` true ` to allow X11 Forwarding
3738* ` ['ssh']['use_pam'] ` - ` false ` to disable pam authentication
3839* ` ['ssh']['print_motd'] ` - ` false ` to disable printing of the MOTD
3940* ` ['ssh']['print_last_log'] ` - ` false ` to disable display of last login information
Original file line number Diff line number Diff line change 5858default [ 'ssh' ] [ 'allow_root_with_key' ] = false # sshd
5959default [ 'ssh' ] [ 'allow_tcp_forwarding' ] = false # sshd
6060default [ 'ssh' ] [ 'allow_agent_forwarding' ] = false # sshd
61+ default [ 'ssh' ] [ 'allow_x11_forwarding' ] = false # sshd
6162default [ 'ssh' ] [ 'use_pam' ] = false # sshd
6263default [ 'ssh' ] [ 'deny_users' ] = [ ] # sshd
6364default [ 'ssh' ] [ 'allow_users' ] = [ ] # sshd
Original file line number Diff line number Diff line change @@ -156,25 +156,17 @@ PermitTunnel no
156156
157157# Disable forwarding tcp connections.
158158# no real advantage without denied shell access
159- <% if @node['ssh']['allow_tcp_forwarding'] %>
160- AllowTcpForwarding yes
161- <% else %>
162- AllowTcpForwarding no
163- <% end %>
159+ AllowTcpForwarding <%= ((@node['ssh']['allow_tcp_forwarding']) ? 'yes' : 'no' ) %>
164160
165161# Disable agent formwarding, since local agent could be accessed through forwarded connection.
166162# no real advantage without denied shell access
167- <% if @node['ssh']['allow_agent_forwarding'] %>
168- AllowAgentForwarding yes
169- <% else %>
170- AllowAgentForwarding no
171- <% end %>
163+ AllowAgentForwarding <%= ((@node['ssh']['allow_agent_forwarding']) ? 'yes' : 'no' ) %>
172164
173165# Do not allow remote port forwardings to bind to non-loopback addresses.
174166GatewayPorts no
175167
176168# Disable X11 forwarding, since local X11 display could be accessed through forwarded connection.
177- X11Forwarding no
169+ X11Forwarding <%= ((@node['ssh']['allow_x11_forwarding']) ? 'yes' : 'no' ) %>
178170X11UseLocalhost yes
179171
180172
You can’t perform that action at this time.
0 commit comments