diff options
| author | alex <alex@pdp7.net> | 2023-06-18 12:21:37 +0200 |
|---|---|---|
| committer | alex <alex@pdp7.net> | 2023-06-18 12:45:11 +0200 |
| commit | e6ae2ea374dbf7c75fba49a749658519e6c9c9d5 (patch) | |
| tree | aba718894592922f26fa067eea7fc9a48c464511 | |
| parent | 24f1c247c9af82d3fe2de70418032937dfe5d1fb (diff) | |
Hack sshd Kerberos issues
| -rw-r--r-- | personal_infra/puppet/site/h1.pdp7.net.pp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp index 3be76531..1e7983a5 100644 --- a/personal_infra/puppet/site/h1.pdp7.net.pp +++ b/personal_infra/puppet/site/h1.pdp7.net.pp @@ -5,6 +5,14 @@ node 'h1.pdp7.net' { # TODO: ugly; tinc scripts require this :( package {'net-tools':} + # https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/EZSM6LQPSNRY4WA52IYVR46RSXIDU3U7/ + # SSH hack + file {'/etc/ssh/sshd_config.d/weak-gss.conf': + content => "GSSAPIStrictAcceptorCheck no\n", + } + ~> + service {'sshd':} + class {'proxmox::proxy': mail => lookup('mail.root_mail'), base_hostname => lookup('network.public_hostname'), |