authorMicah Anderson <micah@riseup.net>2008-09-26 17:34:09 -0400
committerMicah Anderson <micah@riseup.net>2008-09-26 17:44:16 -0400
commit06163fbb920bf7f8dbb7ae2018e1f861003ed9ce (patch)
treec299cb9d7ce8cb2e9b55ed659e69c85fd6b1615a /templates
parent9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 (diff)
added sshd_rhosts_rsa_authentication variable, default set to no
added sshd_hostbased_authentication variable, default set to no
Diffstat (limited to 'templates')
-rw-r--r--templates/sshd_config/CentOS_normal.erb14
-rw-r--r--templates/sshd_config/Debian_normal.erb15
-rw-r--r--templates/sshd_config/Gentoo_normal.erb14
-rw-r--r--templates/sshd_config/OpenBSD_normal.erb14
4 files changed, 47 insertions, 10 deletions
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index e2b4005..0dbe4e6 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -64,9 +64,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
+<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+RhostsRSAAuthentication yes
+<%- else %>
+RhostsRSAAuthentication no
+<% end -%>
+
# similar for protocol version 2
-#HostbasedAuthentication no
+<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+HostbasedAuthentication yes
+<%- else %>
+HostbasedAuthentication no
+<% end -%>
+
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
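Review bot: With `real_sshd_hostbased_authentication` or `real_sshd_rhosts_rsa_authentication` set to `yes`, the rendered file still leaves `#IgnoreUserKnownHosts no` commented out just below, so sshd will also take host keys from each user's own `~/.ssh/known_hosts` when deciding which client hosts to trust. For host-based trust that is rarely what an administrator intends. I would at least add a comment above both conditionals, e.g. `# if enabled, also set IgnoreUserKnownHosts yes so only the system-wide known hosts file is trusted`, and ideally expose that directive as a variable of its own. The same applies to the Gentoo and OpenBSD hunks and to the second Debian hunk. The exact match on `'yes'` does fail closed, which is the right default: any other value renders `no`.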
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index 155c4da..28e799d 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -53,8 +53,12 @@ PubkeyAuthentication no
#AuthorizedKeysFile %h/.ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+RhostsRSAAuthentication yes
+<%- else %>
+RhostsRSAAuthentication no
+<% end -%>
# Don't read the user's ~/.rhosts and ~/.shosts files
<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
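Review bot: The new `real_sshd_rhosts_rsa_authentication` switch sits directly above an `IgnoreRhosts` conditional that, on the last context line of this hunk, tests `real_sshd_pubkey_authentication`. If the lines hidden between the two Debian hunks are what they appear to be, a node with public-key authentication turned off renders `IgnoreRhosts no`, and enabling either new variable there would make sshd honour per-user `~/.rhosts` and `~/.shosts`. That conditional continues outside the hunk, so this needs checking against the full template; a dedicated variable for `IgnoreRhosts` that defaults to `yes` would remove the coupling. Separately, the comment added here names `/etc/ssh_known_hosts`, while the other three templates in this commit say `/etc/ssh/ssh_known_hosts`; one of the two is probably wrong for Debian.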
@@ -63,10 +67,13 @@ IgnoreRhosts yes
IgnoreRhosts no
<% end -%>
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
# similar for protocol version 2
+<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+HostbasedAuthentication yes
+<%- else %>
HostbasedAuthentication no
+<% end -%>
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index c8dbda4..443d8ac 100644
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -67,9 +67,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
+<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+RhostsRSAAuthentication yes
+<%- else %>
+RhostsRSAAuthentication no
+<% end -%>
+
# similar for protocol version 2
-#HostbasedAuthentication no
+<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+HostbasedAuthentication yes
+<%- else %>
+HostbasedAuthentication no
+<% end -%>
+
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index 420f9cc..e6e9bbc 100644
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -61,9 +61,19 @@ PubkeyAuthentication no
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
+<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+RhostsRSAAuthentication yes
+<%- else %>
+RhostsRSAAuthentication no
+<% end -%>
+
# similar for protocol version 2
-#HostbasedAuthentication no
+<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+HostbasedAuthentication yes
+<%- else %>
+HostbasedAuthentication no
+<% end -%>
+
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no