From: alex <alex@pdp7.net>
Date: Sun, 18 Jun 2023 10:21:37 +0000 (+0200)
Subject: Hack sshd Kerberos issues
X-Git-Tag: 20240214-emacs~329
X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=e6ae2ea374dbf7c75fba49a749658519e6c9c9d5;p=alex.git

Hack sshd Kerberos issues
---

diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 3be7653..1e7983a 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -5,6 +5,14 @@ node 'h1.pdp7.net' {
   # TODO: ugly; tinc scripts require this :(
   package {'net-tools':}
 
+  # https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/EZSM6LQPSNRY4WA52IYVR46RSXIDU3U7/
+  # SSH hack
+  file {'/etc/ssh/sshd_config.d/weak-gss.conf':
+    content => "GSSAPIStrictAcceptorCheck no\n",
+  }
+  ~>
+  service {'sshd':}
+
   class {'proxmox::proxy':
     mail => lookup('mail.root_mail'),
     base_hostname => lookup('network.public_hostname'),