9c12812735
Some major changes: * the charm has been rebased (from a Python perspective) to be rooted in the charm directory. This is a single root. * Imports have been changed so that the don't add lots of imports to the namespace of the module doing the import. * The code that used to run at module import time has been made lazy such that it only has to run if the relevant functions are called. This includes restart_on_change parameters, the harden function and the parameters to the guard_map. Appropriate changes will be submitted to charm-helpers. * Several tests had to be re-written as (incorrect) mocking meant that text fixtures didn't actually match what the code was doing. Thus, the tests were meaningless. * This has had a net positive impact on the unit tests wrt to importing modules and mocking. Change-Id: Id07d9d1caaa9b29453a63c2e49ba831071e9457f
71 lines
2.0 KiB
Plaintext
71 lines
2.0 KiB
Plaintext
###############################################################################
|
|
# WARNING: This configuration file is maintained by Juju. Local changes may
|
|
# be overwritten.
|
|
###############################################################################
|
|
# This is the ssh client system-wide configuration file. See
|
|
# ssh_config(5) for more information. This file provides defaults for
|
|
# users, and the values can be changed in per-user configuration files
|
|
# or on the command line.
|
|
|
|
# Configuration data is parsed as follows:
|
|
# 1. command line options
|
|
# 2. user-specific file
|
|
# 3. system-wide file
|
|
# Any configuration value is only changed the first time it is set.
|
|
# Thus, host-specific definitions should be at the beginning of the
|
|
# configuration file, and defaults at the end.
|
|
|
|
# Site-wide defaults for some commonly used options. For a comprehensive
|
|
# list of available options, their meanings and defaults, please see the
|
|
# ssh_config(5) man page.
|
|
|
|
# Restrict the following configuration to be limited to this Host.
|
|
{% if remote_hosts -%}
|
|
Host {{ ' '.join(remote_hosts) }}
|
|
{% endif %}
|
|
ForwardAgent no
|
|
ForwardX11 no
|
|
ForwardX11Trusted yes
|
|
RhostsRSAAuthentication no
|
|
RSAAuthentication yes
|
|
PasswordAuthentication {{ password_auth_allowed }}
|
|
HostbasedAuthentication no
|
|
GSSAPIAuthentication no
|
|
GSSAPIDelegateCredentials no
|
|
GSSAPIKeyExchange no
|
|
GSSAPITrustDNS no
|
|
BatchMode no
|
|
CheckHostIP yes
|
|
AddressFamily {{ addr_family }}
|
|
ConnectTimeout 0
|
|
StrictHostKeyChecking ask
|
|
IdentityFile ~/.ssh/identity
|
|
IdentityFile ~/.ssh/id_rsa
|
|
IdentityFile ~/.ssh/id_dsa
|
|
# The port at the destination should be defined
|
|
{% for port in ports -%}
|
|
Port {{ port }}
|
|
{% endfor %}
|
|
Protocol 2
|
|
Cipher 3des
|
|
{% if ciphers -%}
|
|
Ciphers {{ ciphers }}
|
|
{%- endif %}
|
|
{% if macs -%}
|
|
MACs {{ macs }}
|
|
{%- endif %}
|
|
{% if kexs -%}
|
|
KexAlgorithms {{ kexs }}
|
|
{%- endif %}
|
|
EscapeChar ~
|
|
Tunnel no
|
|
TunnelDevice any:any
|
|
PermitLocalCommand no
|
|
VisualHostKey no
|
|
RekeyLimit 1G 1h
|
|
SendEnv LANG LC_*
|
|
HashKnownHosts yes
|
|
{% if roaming -%}
|
|
UseRoaming {{ roaming }}
|
|
{% endif %}
|