basessh: enable internal sftp server globally.

In the past we only enabled sftp on servers where we needed it. (ones using sshfs, ones that users might need to sftp to, etc). However, now days the openssh scp client uses sftp, so we might as well just enable it globally so people don't need to use 'scp -O' (which has it use the old scp protocol, which will be removed someday). Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2026-02-02 20:59:02 +08:00 · 2022-06-29 14:14:43 -07:00
parent 725704c511
commit 8398aec029
6 changed files with 0 additions and 14 deletions
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -233,10 +233,6 @@ ssh_hostnames: []
 sshd_keyhelper: false
 # Normal default sshd port is 22
 sshd_port: 22
-#
-# sshd can run a internal sftp server, we need this on some hosts, but
-# not on most of them, so default to false
-sshd_sftp: false
 tcp_ports: []
 # example of ports for default iptables
 # tcp_ports: [ 22, 80, 443 ]
--- a/inventory/group_vars/batcave
+++ b/inventory/group_vars/batcave
@@ -71,6 +71,5 @@ nrpe_procs_crit: 1000
 nrpe_procs_warn: 900
 num_cpus: 10
 primary_auth_source: ipa
-sshd_sftp: true
 tcp_ports: [80, 443, 8442, 8443]
 vpn: true
--- a/inventory/group_vars/people
+++ b/inventory/group_vars/people
@@ -41,6 +41,4 @@ ipa_client_sudo_groups:
 ipa_host_group: people
 ipa_host_group_desc: A place for people to host things
 primary_auth_source: ipa
-# enable sftp for cotributors.
-sshd_sftp: true
 vpn: true
--- a/inventory/group_vars/secondary
+++ b/inventory/group_vars/secondary
@@ -22,5 +22,4 @@ nrpe_procs_crit: 1000
 nrpe_procs_warn: 900
 primary_auth_source: ipa
 rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
-sshd_sftp: true
 tcp_ports: [80, 443, 873]
--- a/inventory/host_vars/koji01.iad2.fedoraproject.org
+++ b/inventory/host_vars/koji01.iad2.fedoraproject.org
@@ -10,8 +10,6 @@ ks_repo: http://10.3.163.35/pub/fedora/linux/releases/35/Server/x86_64/os/
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
 nrpe_procs_crit: 1000
 nrpe_procs_warn: 900
-# we need sftp here in order to support the sshfs mount on buildvm-s390x-01
-sshd_sftp: true
 virt_install_command: "{{ virt_install_command_one_nic }}"
 vmhost: bvmhost-x86-02.iad2.fedoraproject.org
 volgroup: /dev/vg_guests
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -62,8 +62,4 @@ AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"
 AuthorizedKeysCommandUser nobody
 AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
 {% endif %}
-
-
-{% if sshd_sftp %}
 Subsystem sftp internal-sftp
-{% endif %}