D975.id2494.diff
No OneTemporary
Actions

Size

1013 B

Referenced Files

None

Subscribers

None

D975.id2494.diff
View Options

	diff --git a/roles/core/sshd/init.sls b/roles/core/sshd/init.sls
	--- a/roles/core/sshd/init.sls
	+++ b/roles/core/sshd/init.sls
	@@ -6,6 +6,25 @@
	# License: Trivial work, not eligible to copyright
	# -------------------------------------------------------------

	+# -------------------------------------------------------------
	+# OpenSSH configuration
	+# -------------------------------------------------------------
	+
	/etc/ssh/sshd_config:
	file.managed:
	- source: salt://roles/core/sshd/files/sshd_config
	+
	+# -------------------------------------------------------------
	+# PAM fixes
	+# -------------------------------------------------------------
	+
	+# T1194 - Debian offers a nologin pam module avoiding people
	+# to log in when /run/nologin exists. OS can pop this file,
	+# for example at shutdown time or when systemd boot hasn't
	+# finished.
	+
	+pam_disable_nologin:
	+ file.comment:
	+ - name: /etc/pam.d/sshd
	+ - regex: ^account.*pam_nologin\.so
	+ - backup: None