Hack sshd Kerberos issues

author alex <alex@pdp7.net>

Sun, 18 Jun 2023 10:21:37 +0000 (12:21 +0200)

committer alex <alex@pdp7.net>

Sun, 18 Jun 2023 10:45:11 +0000 (12:45 +0200)
author alex <alex@pdp7.net>
Sun, 18 Jun 2023 10:21:37 +0000 (12:21 +0200)
committer alex <alex@pdp7.net>
Sun, 18 Jun 2023 10:45:11 +0000 (12:45 +0200)
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp

index 3be76531898de495fc872a018d9ee7f319f3fc2b..1e7983a53ad9ee0bbcd9a123ca4eb21ceae403c1 100644 (file)
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -5,6 +5,14 @@ node 'h1.pdp7.net' {
    # TODO: ugly; tinc scripts require this :(
    package {'net-tools':}
  
+  # https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/EZSM6LQPSNRY4WA52IYVR46RSXIDU3U7/
+  # SSH hack
+  file {'/etc/ssh/sshd_config.d/weak-gss.conf':
+    content => "GSSAPIStrictAcceptorCheck no\n",
+  }
+  ~>
+  service {'sshd':}
+
    class {'proxmox::proxy':
      mail => lookup('mail.root_mail'),
      base_hostname => lookup('network.public_hostname'),
author	alex <alex@pdp7.net>
	Sun, 18 Jun 2023 10:21:37 +0000 (12:21 +0200)
committer	alex <alex@pdp7.net>
	Sun, 18 Jun 2023 10:45:11 +0000 (12:45 +0200)