From c00bf9e38afa4867f4ec397b260f2e467163096d Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Wed, 7 Dec 2011 03:49:09 -0500 Subject: Configure ssh and sshd during ipa-client-install. For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns ipa-client-install option is used. For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM options are enabled (this can be disabled using --no-sshd ipa-client-install option). ticket 1634 --- install/tools/ipa-replica-install | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'install/tools/ipa-replica-install') diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index dda4db909..0b8ab2ae7 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -63,6 +63,10 @@ def parse_options(): help="do not configure ntp", default=True) basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false", default=True, help="Do not automatically redirect to the Web UI") + basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true", + help="configure OpenSSH client to trust DNS SSHFP records") + basic_group.add_option("--no-sshd", dest="conf_sshd", default=True, action="store_false", + help="do not configure OpenSSH server") basic_group.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true", default=False, help="skip connection check to remote master") basic_group.add_option("-d", "--debug", dest="debug", action="store_true", @@ -460,6 +464,10 @@ def main(): args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name] if not options.create_sshfp: args.append("--no-dns-sshfp") + if options.trust_sshfp: + args.append("--ssh-trust-dns") + if not options.conf_sshd: + args.append("--no-sshd") ipautil.run(args) except Exception, e: print "Configuration of client side components failed!" -- cgit