authorCullum Smith <cullum@sacredheartsc.com>2024-09-24 22:35:45 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-09-24 22:35:45 -0400
commit6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree9279f7a330affbb5da6a1f147739b8dfd92d4a19 /files/usr/local/etc/ssh
parentd9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
finish up idm_server hostclass
Diffstat (limited to 'files/usr/local/etc/ssh')
-rw-r--r--files/usr/local/etc/ssh/ssh_config.freebsd9
l---------files/usr/local/etc/ssh/ssh_config.freebsd_hypervisor1
-rw-r--r--files/usr/local/etc/ssh/ssh_config.no_idm1
l---------files/usr/local/etc/ssh/ssh_config.roadwarrior_laptop1
-rw-r--r--files/usr/local/etc/ssh/sshd_config.freebsd16
l---------files/usr/local/etc/ssh/sshd_config.freebsd_hypervisor1
-rw-r--r--files/usr/local/etc/ssh/sshd_config.no_idm10
7 files changed, 39 insertions, 0 deletions
diff --git a/files/usr/local/etc/ssh/ssh_config.freebsd b/files/usr/local/etc/ssh/ssh_config.freebsd
new file mode 100644
index 0000000..9be624a
--- /dev/null
+++ b/files/usr/local/etc/ssh/ssh_config.freebsd
@@ -0,0 +1,9 @@
+CanonicalizeHostname always
+CanonicalizeMaxDots 0
+CanonicalDomains ${domain}
+CanonicalizePermittedCNAMEs *.${domain}:*.${domain}
+KnownHostsCommand /usr/local/libexec/idm-ssh-known-hosts %H
+
+Host *.${domain}
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials yes
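Review bot: `GSSAPIDelegateCredentials yes` under `Host *.${domain}` forwards the user's Kerberos ticket-granting ticket to every host in the domain, so root on any one of those hosts can act as that user elsewhere for the lifetime of the ticket. If delegation is only needed on some hosts, consider `GSSAPIDelegateCredentials no` in this block and enabling it in a narrower `Host` block for the machines that need it. If domain-wide delegation is intended, a comment recording the reason would help the next reader, e.g. `# Delegate the TGT because <reason>; requires trusting root on every *.${domain} host`.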
diff --git a/files/usr/local/etc/ssh/ssh_config.freebsd_hypervisor b/files/usr/local/etc/ssh/ssh_config.freebsd_hypervisor
new file mode 120000
index 0000000..338cdba
--- /dev/null
+++ b/files/usr/local/etc/ssh/ssh_config.freebsd_hypervisor
@@ -0,0 +1 @@
+ssh_config.no_idm \ No newline at end of file
diff --git a/files/usr/local/etc/ssh/ssh_config.no_idm b/files/usr/local/etc/ssh/ssh_config.no_idm
new file mode 100644
index 0000000..97f3ba8
--- /dev/null
+++ b/files/usr/local/etc/ssh/ssh_config.no_idm
@@ -0,0 +1 @@
+# Intentionally empty.
diff --git a/files/usr/local/etc/ssh/ssh_config.roadwarrior_laptop b/files/usr/local/etc/ssh/ssh_config.roadwarrior_laptop
new file mode 120000
index 0000000..338cdba
--- /dev/null
+++ b/files/usr/local/etc/ssh/ssh_config.roadwarrior_laptop
@@ -0,0 +1 @@
+ssh_config.no_idm \ No newline at end of file
diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd b/files/usr/local/etc/ssh/sshd_config.freebsd
new file mode 100644
index 0000000..df46af6
--- /dev/null
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysCommand /usr/local/libexec/idm-ssh-authorized-keys %u
+AuthorizedKeysCommandUser ${ssh_authzkeys_user}
+
+KbdInteractiveAuthentication no
+PasswordAuthentication yes
+
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+UseDNS no
+
+Subsystem sftp /usr/local/libexec/sftp-server
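Review bot: The `Include /etc/ssh/sshd_config.d/*.conf` line sits at the top of the file, and sshd keeps the first value it obtains for each keyword, so any drop-in can silently override `PermitRootLogin`, `PasswordAuthentication` and the `AuthorizedKeysCommand` settings below it. Either move the Include to the end of the file or state the precedence in a comment, e.g. `# Drop-ins are read first and take precedence over everything below.` The include path is under /etc/ssh while this file is installed under /usr/local/etc/ssh; if that is not deliberate, the glob presumably matches nothing on these hosts. Separately, `%u` is the login name supplied by the connecting client before authentication, so the idm-ssh-authorized-keys helper (not shown in this commit) should treat it as untrusted input when it builds its directory lookup.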
diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd_hypervisor b/files/usr/local/etc/ssh/sshd_config.freebsd_hypervisor
new file mode 120000
index 0000000..355377d
--- /dev/null
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd_hypervisor
@@ -0,0 +1 @@
+sshd_config.no_idm \ No newline at end of file
diff --git a/files/usr/local/etc/ssh/sshd_config.no_idm b/files/usr/local/etc/ssh/sshd_config.no_idm
new file mode 100644
index 0000000..8a15559
--- /dev/null
+++ b/files/usr/local/etc/ssh/sshd_config.no_idm
@@ -0,0 +1,10 @@
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+
+KbdInteractiveAuthentication no
+PasswordAuthentication yes
+
+UsePAM yes
+UseDNS no
+
+Subsystem sftp /usr/local/libexec/sftp-server
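Review bot: `PasswordAuthentication yes` in the no-IdM profile leaves every local account that has a password open to online guessing, and the sshd_config.freebsd_hypervisor symlink added in this commit points hypervisors at this file. `PermitRootLogin prohibit-password` only protects root. If these hosts are administered with keys, `PasswordAuthentication no` would be the safer default here. Otherwise consider adding an `AllowGroups` line that names the administrative group, plus a comment recording why passwords stay enabled.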