From f13f49d00c028002bb22a25f75c15633d5ae3e81 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Wed, 17 Jun 2020 18:55:09 +0100
Subject: [PATCH] Remove some openssh cleanup code
---
 cookbooks/openssh/recipes/default.rb | 15 ------
 .../openssh/templates/default/ssh_config.erb | 51 -------------------
 2 files changed, 66 deletions(-)
 delete mode 100644 cookbooks/openssh/templates/default/ssh_config.erb
diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb
index c5738f45b..13bc8f517 100644
--- a/cookbooks/openssh/recipes/default.rb
+++ b/cookbooks/openssh/recipes/default.rb
@@ -28,14 +28,6 @@ service "ssh" do
 supports :status => true, :restart => true, :reload => true
 end
 
-file "/etc/ssh/ssh_host_dsa_key" do
- action :delete
-end
-
-file "/etc/ssh/ssh_host_dsa_key.pub" do
- action :delete
-end
-
 hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.collect do |node|
 name = node.name.split(".").first
 
@@ -70,13 +62,6 @@ hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.coll
 ]
 end
 
-template "/etc/ssh/ssh_config" do
- source "ssh_config.erb"
- mode 0o644
- owner "root"
- group "root"
-end
-
 template "/etc/ssh/ssh_known_hosts" do
 source "ssh_known_hosts.erb"
 mode 0o444
diff --git a/cookbooks/openssh/templates/default/ssh_config.erb b/cookbooks/openssh/templates/default/ssh_config.erb
deleted file mode 100644
index 2e1c9604f..000000000
--- a/cookbooks/openssh/templates/default/ssh_config.erb
+++ /dev/null
@@ -1,51 +0,0 @@
-
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-Host *
-# ForwardAgent no
-# ForwardX11 no
-# ForwardX11Trusted yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# IdentityFile ~/.ssh/id_ecdsa
-# IdentityFile ~/.ssh/id_ed25519
-# Port 22
-# Protocol 2
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
- SendEnv LANG LC_*
- HashKnownHosts yes
- GSSAPIAuthentication yes
-- 
2.39.5