Configure ssh and sshd during ipa-client-install.

For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns
ipa-client-install option is used.

For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
options are enabled (this can be disabled using --no-sshd
ipa-client-install option).

ticket 1634

1 files changed, 8 insertions, 0 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index dda4db909..0b8ab2ae7 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -63,6 +63,10 @@ def parse_options():
                       help="do not configure ntp", default=True)
     basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
                       default=True, help="Do not automatically redirect to the Web UI")
+    basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true",
+                      help="configure OpenSSH client to trust DNS SSHFP records")
+    basic_group.add_option("--no-sshd", dest="conf_sshd", default=True, action="store_false",
+                      help="do not configure OpenSSH server")
     basic_group.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true",
                       default=False, help="skip connection check to remote master")
     basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
@@ -460,6 +464,10 @@ def main():
         args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name]
         if not options.create_sshfp:
             args.append("--no-dns-sshfp")
+        if options.trust_sshfp:
+            args.append("--ssh-trust-dns")
+        if not options.conf_sshd:
+            args.append("--no-sshd")
         ipautil.run(args)
     except Exception, e:
         print "Configuration of client side components failed!"