support deployment os of ubuntu 14.04 with cobbler for compass

JIRA: COMPASS-3

Change-Id: I703658b04ec7ec1df4a2a3b9eac5656419d8fd9f
Signed-off-by: baigk <baiguoku@huawei.com>

1 files changed, 142 insertions, 0 deletions

diff --git a/deploy/adapters/cobbler/snippets/sshd.xml b/deploy/adapters/cobbler/snippets/sshd.xml
new file mode 100644
index 00000000..4eb97e32
--- /dev/null
+++ b/deploy/adapters/cobbler/snippets/sshd.xml
@@ -0,0 +1,142 @@
+<file>

+  <file_path>/etc/ssh/sshd_config</file_path>

+  <file_contents>

+<![CDATA[

+#raw

+# The strategy used for options in the default sshd_config shipped with

+# OpenSSH is to specify options with their default value where

+# possible, but leave them commented.  Uncommented options override the

+# default value.

+

+#Port 22

+#AddressFamily any

+#ListenAddress 0.0.0.0

+#ListenAddress ::

+

+# The default requires explicit activation of protocol 1

+#Protocol 2

+

+# HostKey for protocol version 1

+#HostKey /etc/ssh/ssh_host_key

+# HostKeys for protocol version 2

+#HostKey /etc/ssh/ssh_host_rsa_key

+#HostKey /etc/ssh/ssh_host_dsa_key

+#HostKey /etc/ssh/ssh_host_ecdsa_key

+

+# Lifetime and size of ephemeral version 1 server key

+#KeyRegenerationInterval 1h

+#ServerKeyBits 1024

+

+# Logging

+# obsoletes QuietMode and FascistLogging

+#SyslogFacility AUTH

+#LogLevel INFO

+

+# Authentication:

+

+#LoginGraceTime 2m

+#PermitRootLogin yes

+#StrictModes yes

+#MaxAuthTries 6

+#MaxSessions 10

+

+RSAAuthentication yes

+PubkeyAuthentication yes

+

+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2

+# but this is overridden so installations will only check .ssh/authorized_keys

+AuthorizedKeysFile      .ssh/authorized_keys

+

+#AuthorizedPrincipalsFile none

+

+#AuthorizedKeysCommand none

+#AuthorizedKeysCommandUser nobody

+

+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

+#RhostsRSAAuthentication no

+# similar for protocol version 2

+#HostbasedAuthentication no

+# Change to yes if you don't trust ~/.ssh/known_hosts for

+# RhostsRSAAuthentication and HostbasedAuthentication

+#IgnoreUserKnownHosts no

+# Don't read the user's ~/.rhosts and ~/.shosts files

+#IgnoreRhosts yes

+

+# To disable tunneled clear text passwords, change to no here!

+PasswordAuthentication yes

+#PermitEmptyPasswords no

+

+# Change to no to disable s/key passwords

+#ChallengeResponseAuthentication yes

+

+# Kerberos options

+#KerberosAuthentication no

+#KerberosOrLocalPasswd yes

+#KerberosTicketCleanup yes

+#KerberosGetAFSToken no

+

+# GSSAPI options

+#GSSAPIAuthentication no

+#GSSAPICleanupCredentials yes

+

+# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication

+# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included

+# in this release. The use of 'gssapi' is deprecated due to the presence of

+# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.

+#GSSAPIEnableMITMAttack no

+

+# Set this to 'yes' to enable PAM authentication, account processing, 

+# and session processing. If this is enabled, PAM authentication will 

+# be allowed through the ChallengeResponseAuthentication and

+# PasswordAuthentication.  Depending on your PAM configuration,

+# PAM authentication via ChallengeResponseAuthentication may bypass

+# the setting of "PermitRootLogin without-password".

+# If you just want the PAM account and session checks to run without

+# PAM authentication, then enable this but set PasswordAuthentication

+# and ChallengeResponseAuthentication to 'no'.

+UsePAM yes

+

+#AllowAgentForwarding yes

+#AllowTcpForwarding yes

+#GatewayPorts no

+X11Forwarding yes

+#X11DisplayOffset 10

+#X11UseLocalhost yes

+#PrintMotd yes

+#PrintLastLog yes

+#TCPKeepAlive yes

+#UseLogin no

+UsePrivilegeSeparation sandbox          # Default for new installations.

+#PermitUserEnvironment no

+#Compression delayed

+#ClientAliveInterval 0

+#ClientAliveCountMax 3

+#UseDNS yes

+#PidFile /run/sshd.pid

+#MaxStartups 10:30:100

+#PermitTunnel no

+#ChrootDirectory none

+#VersionAddendum none

+

+# no default banner path

+#Banner none

+

+# override default of no subsystems

+Subsystem       sftp    /usr/lib/ssh/sftp-server

+

+# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).

+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES

+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

+AcceptEnv LC_IDENTIFICATION LC_ALL

+

+# Example of overriding settings on a per-user basis

+#Match User anoncvs

+#       X11Forwarding no

+#       AllowTcpForwarding no

+#       ForceCommand cvs server

+#end raw

+]]>

+  </file_contents>

+  <file_owner>root.root</file_owner>

+  <file_permissions>640</file_permissions>

+</file>