add a bunch of hostclasses

author: Cullum Smith <cullum@sacredheartsc.com> 2024-10-12 08:14:59 -0400
committer: Cullum Smith <cullum@sacredheartsc.com> 2024-10-12 08:15:33 -0400
commit: 99b8524c16cc99ceeaf1ebf588f2fc0f2c0fbe0a (patch)
tree: 3ffa4113f23eca6cea8ff2c94ba7ce60188d943e /files/usr/local/etc/ssh
parent: 1c882c769e5476b5cb3fa294257c76165a7a6f46 (diff)
download: infrastructure-99b8524c16cc99ceeaf1ebf588f2fc0f2c0fbe0a.tar.gz
2 files changed, 12 insertions, 1 deletions
diff --git a/files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common b/files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common
new file mode 100644
index 0000000..63022e3
--- /dev/null
+++ b/files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common
@@ -0,0 +1,11 @@
+Match Group ${acmeproxy_client_group}
+  ChrootDirectory ${acmeproxy_home}
+  ForceCommand internal-sftp -R
+  DisableForwarding yes
+  PermitUserRC no
+  PermitTTY no
+  GSSAPIAuthentication yes
+  KbdInteractiveAuthentication no
+  PasswordAuthentication no
+  PubkeyAuthentication no
+  AuthenticationMethods gssapi-with-mic
diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd b/files/usr/local/etc/ssh/sshd_config.freebsd
index 52d9bfe..eca2276 100644
--- a/files/usr/local/etc/ssh/sshd_config.freebsd
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd
@@ -1,4 +1,4 @@
-Include /etc/ssh/sshd_config.d/*.conf
+Include /usr/local/etc/ssh/sshd_config.d/*.conf
 
 PermitRootLogin prohibit-password
 AuthorizedKeysFile .ssh/authorized_keys
author	Cullum Smith <cullum@sacredheartsc.com>	2024-10-12 08:14:59 -0400
committer	Cullum Smith <cullum@sacredheartsc.com>	2024-10-12 08:15:33 -0400
commit	99b8524c16cc99ceeaf1ebf588f2fc0f2c0fbe0a (patch)
tree	3ffa4113f23eca6cea8ff2c94ba7ce60188d943e /files/usr/local/etc/ssh
parent	1c882c769e5476b5cb3fa294257c76165a7a6f46 (diff)
download	infrastructure-99b8524c16cc99ceeaf1ebf588f2fc0f2c0fbe0a.tar.gz