authorCullum Smith <cullum@sacredheartsc.com>2024-07-17 06:45:00 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-07-17 06:46:22 -0400
commitf036b9c0da685d11e341d61e5aaeb75cac576111 (patch)
tree22b08ae6bb7e83d529fe49fe99ea8da87a8d25a4 /files/etc
parent89cdd1c872694797a8f6f0185be2b2cd3467bfcc (diff)
add pkg_repository hostclass
Diffstat (limited to 'files/etc')
-rw-r--r--files/etc/ssh/ssh_config.freebsd9
-rw-r--r--files/etc/ssh/sshd_config.freebsd16
2 files changed, 25 insertions, 0 deletions
diff --git a/files/etc/ssh/ssh_config.freebsd b/files/etc/ssh/ssh_config.freebsd
new file mode 100644
index 0000000..9be624a
--- /dev/null
+++ b/files/etc/ssh/ssh_config.freebsd
@@ -0,0 +1,9 @@
+CanonicalizeHostname always
+CanonicalizeMaxDots 0
+CanonicalDomains ${domain}
+CanonicalizePermittedCNAMEs *.${domain}:*.${domain}
+KnownHostsCommand /usr/local/libexec/idm-ssh-known-hosts %H
+
+Host *.${domain}
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials yes
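Review bot: `GSSAPIDelegateCredentials yes` under `Host *.${domain}` forwards the user's Kerberos credentials to every host in the domain, so a single compromised server can act as any user who logs in to it for as long as the delegated ticket is valid. If only some hosts need forwarded tickets (nothing in this commit shows which do), set `GSSAPIDelegateCredentials no` in the wildcard block and enable it in narrower `Host` blocks placed before it, since ssh keeps the first value it obtains for each option. If domain-wide delegation is deliberate, record that with a comment such as `# delegation required for <reason>; every domain host is trusted with user tickets`.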
diff --git a/files/etc/ssh/sshd_config.freebsd b/files/etc/ssh/sshd_config.freebsd
new file mode 100644
index 0000000..c933741
--- /dev/null
+++ b/files/etc/ssh/sshd_config.freebsd
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysCommand /usr/local/libexec/idm-ssh-authorized-keys %u
+AuthorizedKeysCommandUser ${ssh_authzkeys_user}
+
+KbdInteractiveAuthentication no
+PasswordAuthentication yes
+
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+UseDNS no
+
+Subsystem sftp /usr/libexec/sftp-server
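Review bot: `AuthorizedKeysFile .ssh/authorized_keys` stays enabled next to `AuthorizedKeysCommand`, so a key placed in a home directory is accepted regardless of what `idm-ssh-authorized-keys` returns, and removing a key centrally does not revoke it. If the directory is meant to be the single source of keys, use `AuthorizedKeysFile none`; otherwise add a comment saying local keys are intentionally allowed. Separately, sshd keeps the first value it reads for each keyword, so the `Include` on the first line lets any file in `/etc/ssh/sshd_config.d/` override `PermitRootLogin` and the authentication settings below it. A comment such as `# drop-ins take precedence over everything below` would make that explicit, and that directory's ownership and mode need the same care as this file.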