From e6ae2ea374dbf7c75fba49a749658519e6c9c9d5 Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sun, 18 Jun 2023 12:21:37 +0200
Subject: [PATCH] Hack sshd Kerberos issues

---
 personal_infra/puppet/site/h1.pdp7.net.pp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 3be7653..1e7983a 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -5,6 +5,14 @@ node 'h1.pdp7.net' {
   # TODO: ugly; tinc scripts require this :(
   package {'net-tools':}
 
+  # https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/EZSM6LQPSNRY4WA52IYVR46RSXIDU3U7/
+  # SSH hack
+  file {'/etc/ssh/sshd_config.d/weak-gss.conf':
+    content => "GSSAPIStrictAcceptorCheck no\n",
+  }
+  ~>
+  service {'sshd':}
+
   class {'proxmox::proxy':
     mail => lookup('mail.root_mail'),
     base_hostname => lookup('network.public_hostname'),
-- 
2.47.3