basessh: Make keyhelper explicit

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

inventory/group_vars/all

@@ -258,6 +258,7 @@ ipa_admin_password: "{{ ipa_prod_admin_password }}"
 
 # Normal default sshd port is 22
 sshd_port: 22
+sshd_keyhelper: false
 
 # List of names under which the host is available
 ssh_hostnames: []

inventory/group_vars/pagure

@@ -19,6 +19,7 @@ stunnel_source_port: 8088
 stunnel_destination_port: 8080
 
 sshd_config: ssh/sshd_config.pagure
+sshd_keyhelper: true
 
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:

inventory/group_vars/pagure-stg

@@ -18,6 +18,7 @@ stunnel_source_port: 8088
 stunnel_destination_port: 8080
 
 sshd_config: ssh/sshd_config.pagure
+sshd_keyhelper: true
 
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:

roles/basessh/templates/sshd_config

@@ -39,7 +39,7 @@ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 AcceptEnv XMODIFIERS
 
-{% if sshd_config == "pagure" %}
+{% if sshd_keyhelper %}
 # For repospanner/git
 AuthorizedKeysCommandUser git
 AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"