aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config/Debian_sid.erb
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2011-02-21 18:29:25 +0100
committerintrigeri <intrigeri@boum.org>2011-02-21 18:29:25 +0100
commitc99ff17b1fc6769cc1323a7857a1234dc408dc9b (patch)
tree5317a9a8c3ef6364dd23352683e936aec8f72700 /templates/sshd_config/Debian_sid.erb
parent6baed9bd81fe24087a57c6d7192e9e06b6299b41 (diff)
downloadpuppet-sshd-c99ff17b1fc6769cc1323a7857a1234dc408dc9b.tar.gz
puppet-sshd-c99ff17b1fc6769cc1323a7857a1234dc408dc9b.tar.bz2
Resync Debian sid template with the Squeeze's one.
Currently, the only difference is LoginGraceTime, that defaults to 600 in sid.
Diffstat (limited to 'templates/sshd_config/Debian_sid.erb')
-rw-r--r--templates/sshd_config/Debian_sid.erb50
1 files changed, 34 insertions, 16 deletions
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index 13895b7..acb79e3 100644
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -1,19 +1,19 @@
+# This file is managed by Puppet, all local modifications will be overwritten
+#
# Package generated configuration file
-# See the sshd_config(5) manpage for details
+# See the sshd(8) manpage for details
<%- unless sshd_head_additional_options.to_s.empty? then %>
<%= sshd_head_additional_options %>
<%- end %>
# What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
<% end -%>
-<%- else -%>
-Port 22
<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
@@ -85,7 +85,6 @@ HostbasedAuthentication yes
<%- else -%>
HostbasedAuthentication no
<% end -%>
-
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
@@ -104,7 +103,7 @@ ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
<%- end -%>
-# Change to no to disable tunnelled clear text passwords
+# To disable tunneled clear text passwords, change to no here!
<%- if sshd_password_authentication.to_s == 'yes' then -%>
PasswordAuthentication yes
<%- else -%>
@@ -112,14 +111,33 @@ PasswordAuthentication no
<%- end -%>
# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
+<%- if sshd_kerberos_authentication.to_s == 'yes' then -%>
+KerberosAuthentication yes
+<%- else -%>
+KerberosAuthentication no
+<%- end -%>
+<%- if sshd_kerberos_orlocalpasswd.to_s == 'yes' then -%>
+KerberosOrLocalPasswd yes
+<%- else -%>
+KerberosOrLocalPasswd no
+<%- end -%>
+<%- if sshd_kerberos_ticketcleanup.to_s == 'yes' then -%>
+KerberosTicketCleanup yes
+<%- else -%>
+KerberosTicketCleanup no
+<%- end -%>
# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
+<%- if sshd_gssapi_authentication.to_s == 'yes' then -%>
+GSSAPIAuthentication yes
+<%- else -%>
+GSSAPIAuthentication no
+<%- end -%>
+<%- if sshd_gssapi_authentication.to_s == 'yes' then -%>
+GSSAPICleanupCredentials yes
+<%- else -%>
+GSSAPICleanupCredentials yes
+<%- end -%>
<%- if sshd_x11_forwarding.to_s == 'yes' then -%>
X11Forwarding yes
@@ -130,6 +148,7 @@ X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
+
#UseLogin no
#MaxStartups 10:30:60
@@ -159,7 +178,7 @@ UsePAM yes
UsePAM no
<%- end -%>
-#HostbasedUsesNameFromPacketOnly yes
+HostbasedUsesNameFromPacketOnly yes
<%- if sshd_tcp_forwarding.to_s == 'yes' then -%>
AllowTcpForwarding yes
@@ -183,4 +202,3 @@ AllowGroups <%= sshd_allowed_groups %>
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
-