Merge pull request #71 from IFTTT/adding_attributes_to_enable_motd

Adding attributes to enable printing the MOTD.
dev-sec · Feb 16, 2015 · 5afc4c9 · 5afc4c9
2 parents 31b8fb7 + a49e0da
commit 5afc4c9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -26,6 +26,8 @@ This cookbook provides secure ssh-client and ssh-server configurations.
 * `['ssh']['allow_tcp_forwarding']` - `false` to disable TCP Forwarding. Set to `true` to allow TCP Forwarding
 * `['ssh']['allow_agent_forwarding']` - `false` to disable Agent Forwarding. Set to `true` to allow Agent Forwarding
 * `['ssh']['use_pam']` - `false` to disable pam authentication
+* `['ssh']['print_motd']` - `false` to disable printing of the MOTD
+* `['ssh']['print_last_log']` - `false` to disable display of last login information
 
 ## Data Bags
 

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -59,5 +59,7 @@
 default['ssh']['allow_tcp_forwarding']    = false   # sshd
 default['ssh']['allow_agent_forwarding']  = false   # sshd
 default['ssh']['use_pam']                 = false   # sshd
+default['ssh']['print_motd']              = false   # sshd
+default['ssh']['print_last_log']          = false   # sshd
 # set this to nil to let us detect the attribute based on the node platform
 default['ssh']['use_privilege_separation'] = nil
diff --git a/templates/default/opensshd.conf.erb b/templates/default/opensshd.conf.erb
@@ -166,8 +166,8 @@ X11UseLocalhost yes
 # ===================
 
 
-PrintMotd no
-PrintLastLog no
+PrintMotd <%= ((@node['ssh']['print_motd']) ? 'yes' : 'no' ) %>
+PrintLastLog <%= ((@node['ssh']['print_last_log']) ? 'yes' : 'no' ) %>
 #Banner /etc/ssh/banner.txt
 #UseDNS yes
 #PidFile /var/run/sshd.pid