Merge pull request #1268 from leochen4891/add_x11_forwarding

add AddressFamily and a switch for x11 forwarding (default = false)

Author: Andrew Jones

cookbooks/bcpc/attributes/default.rb

@@ -245,3 +245,7 @@
 # jmxtrans-agent deploy location
 default['bcpc']['jmxtrans_agent']['lib_file'] = '/usr/lib/jmxtrans_agent/jmxtrans-agent-1.2.5.jar'
 default['bcpc']['jmxtrans_agent']['lib_file_checksum'] = 'd351ac0b863ffb2742477001296f65cbca6f8e9bb5bec3dc2194c447d838ae17'
+
+# sshd_config
+default['bcpc']['ssh']['address_family'] = 'inet'
+default['bcpc']['ssh']['x11_forwarding'] = false

cookbooks/bcpc/recipes/ssh.rb

@@ -57,7 +57,11 @@
   source 'sshd_config.erb'
   mode 00644
   notifies :restart, 'service[ssh]', :immediately
-  variables lazy {{ listen_address: node[:bcpc][:management][:ip] }}
+  variables lazy { {
+    address_family: node['bcpc']['ssh']['address_family'],
+    listen_address: node[:bcpc][:management][:ip],
+    x11_forwarding: (node['bcpc']['ssh']['x11_forwarding'] ? 'yes' : 'no')
+  } }
 
   # Don't rewrite the file unless we know the listen address is valid!
   only_if {

cookbooks/bcpc/templates/default/sshd_config.erb

@@ -8,7 +8,8 @@
 Port 22
 # Use these options to restrict which interfaces/protocols sshd will bind to
 #ListenAddress ::
-ListenAddress <%= node[:bcpc][:management][:ip] %>
+AddressFamily <%= @address_family %>
+ListenAddress <%= @listen_address %>
 
 Protocol 2
 # HostKeys for protocol version 2
@@ -64,7 +65,7 @@ ChallengeResponseAuthentication no
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 
-X11Forwarding yes
+X11Forwarding <%= @x11_forwarding %>
 X11DisplayOffset 10
 PrintMotd no
 PrintLastLog yes