Skip to content

Commit

Permalink
Merge pull request dev-sec#102 from linaksa/master
Browse files Browse the repository at this point in the history
Configurable PasswordAuthentication
  • Loading branch information
chris-rock committed Oct 17, 2015
2 parents dd908ed + 3f3cacb commit 2489177
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions attributes/default.rb
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@
default['ssh']['allow_groups'] = [] # sshd
default['ssh']['print_motd'] = false # sshd
default['ssh']['print_last_log'] = false # sshd
default['ssh']['password_authentication'] = false # sshd
# set this to nil to let us use the default OpenSSH in case it's not set by the user
default['ssh']['use_dns'] = nil # sshd
# set this to nil to let us detect the attribute based on the node platform
Expand Down
2 changes: 1 addition & 1 deletion templates/default/opensshd.conf.erb
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ HostbasedAuthentication no
# Enable PAM to enforce system wide rules
UsePAM <%= ((@node['ssh']['use_pam']) ? "yes" : "no" ) %>
# Disable password-based authentication, it can allow for potentially easier brute-force attacks.
PasswordAuthentication no
PasswordAuthentication <%= ((@node['ssh']['password_authentication']) ? "yes" : "no" ) %>
PermitEmptyPasswords no
ChallengeResponseAuthentication no

Expand Down

0 comments on commit 2489177

Please sign in to comment.