-rw-r--r-- | templates/sshd_config/Debian_normal.erb | 62 |
1 files changed, 31 insertions, 31 deletions
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index 0db99fb..d33064a 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -4,10 +4,10 @@
 # What ports, IPs and protocols we listen for
 <%- unless real_sshd_port.to_s.empty? then %>
-Port <%= real_sshd_port %>
-<%- else %>
+Port <%= real_sshd_port -%>
+<%- else -%>
 Port 22
-<%- end %>
+<%- end -%>
 # Use these options to restrict which interfaces/protocols sshd will bind to
 #ListenAddress ::
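Review bot: `Port <%= real_sshd_port -%>` now trims the newline after the interpolated value, and `<%- else -%>` and `<%- end -%>` trim theirs as well, so when the variable is set the rendered `Port` line is terminated only by whatever follows the block in the template. The same holds for `PermitRootLogin <%= real_sshd_permit_root_login -%>` in the second hunk and `AllowUsers <%= real_sshd_allowed_users -%>` in the last hunk, where no context follows; the rendered file may then end without a newline, and any text later placed directly after that block would be fused onto the allow list. `AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>` was left untrimmed, which is the safer form: I would keep `%>` on the value-emitting lines, e.g. `Port <%= real_sshd_port %>`, and trim only the control tags. Checking the rendered file with `sshd -t` before the service is reloaded would catch a fused or malformed directive.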
@@ -34,53 +34,53 @@ LogLevel INFO
 # Authentication:
 LoginGraceTime 600
 <%- unless real_sshd_permit_root_login.to_s.empty? then %>
-PermitRootLogin <%= real_sshd_permit_root_login %>
-<%- else %>
+PermitRootLogin <%= real_sshd_permit_root_login -%>
+<%- else -%>
 PermitRootLogin without-password
-<%- end %>
+<%- end -%>
 <%- if real_sshd_strict_modes.to_s == 'yes' then %>
 StrictModes yes
-<%- else %>
+<%- else -%>
 StrictModes no
-<%- end %>
+<%- end -%>
 <%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
 RSAAuthentication yes
-<%- else %>
+<%- else -%>
 RSAAuthentication no
-<%- end %>
+<%- end -%>
 <%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
-<%- else %>
+<%- else -%>
 PubkeyAuthentication no
-<%- end %>
+<%- end -%>
 <%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
 AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
-<%- else %>
+<%- else -%>
 AuthorizedKeysFile %h/.ssh/authorized_keys
-<%- end %>
+<%- end -%>
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 <%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
 RhostsRSAAuthentication yes
-<%- else %>
+<%- else -%>
 RhostsRSAAuthentication no
 <% end -%>
 # Don't read the user's ~/.rhosts and ~/.shosts files
 <%- if real_sshd_ignore_rhosts.to_s == 'yes' then %>
 IgnoreRhosts yes
-<%- else %>
+<%- else -%>
 IgnoreRhosts no
 <% end -%>
 # similar for protocol version 2
 <%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
 HostbasedAuthentication yes
-<%- else %>
+<%- else -%>
 HostbasedAuthentication no
 <% end -%>
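Review bot: The yes/no toggles in this hunk fall through to the weaker setting whenever the variable is anything other than the exact string 'yes', so `StrictModes no` and `IgnoreRhosts no` are rendered for an unset value, `true` or `Yes`, unless the manifest guarantees a default (not visible here). For these two directives the `else` branch should carry the hardened value; I would invert the test, e.g. `<%- if real_sshd_ignore_rhosts.to_s == 'no' then %>` with `IgnoreRhosts no` in the if branch and `IgnoreRhosts yes` in the else branch, and likewise for `real_sshd_strict_modes`. Separately, the three blocks from `RhostsRSAAuthentication` onward still close with `<% end -%>` while the others now use `<%- end -%>`; making them uniform would keep the rendered whitespace predictable.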
@@ -97,16 +97,16 @@ PermitEmptyPasswords no
 # Change to no to disable s/key passwords
 <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
 ChallengeResponseAuthentication yes
-<%- else %>
+<%- else -%>
 ChallengeResponseAuthentication no
-<%- end %>
+<%- end -%>
 # To disable tunneled clear text passwords, change to no here!
 <%- if real_sshd_password_authentication.to_s == 'yes' then %>
 PasswordAuthentication yes
-<%- else %>
+<%- else -%>
 PasswordAuthentication no
-<%- end %>
+<%- end -%>
 # To change Kerberos options
 #KerberosAuthentication no
@@ -119,9 +119,9 @@ PasswordAuthentication no
 <%- if real_sshd_x11_forwarding.to_s == 'yes' then %>
 X11Forwarding yes
-<%- else %>
+<%- else -%>
 X11Forwarding no
-<%- end %>
+<%- end -%>
 X11DisplayOffset 10
 KeepAlive yes
 #UseLogin no
@@ -143,27 +143,27 @@ KeepAlive yes
 # and ChallengeResponseAuthentication to 'no'.
 <%- if real_sshd_use_pam.to_s == 'yes' then %>
 UsePAM yes
-<%- else %>
+<%- else -%>
 UsePAM no
-<%- end %>
+<%- end -%>
 HostbasedUsesNameFromPacketOnly yes
 <%- if real_sshd_tcp_forwarding.to_s == 'yes' then %>
 AllowTcpForwarding yes
-<%- else %>
+<%- else -%>
 AllowTcpForwarding no
-<%- end %>
+<%- end -%>
 <%- if real_sshd_agent_forwarding.to_s == 'yes' then %>
 AllowAgentForwarding yes
-<%- else %>
+<%- else -%>
 AllowAgentForwarding no
-<%- end %>
+<%- end -%>
 ChallengeResponseAuthentication no
 <%- unless real_sshd_allowed_users.to_s.empty? then %>
-AllowUsers <%= real_sshd_allowed_users %>
-<%- end %>
+AllowUsers <%= real_sshd_allowed_users -%>
+<%- end -%>
|
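Review bot: The last hunk keeps a literal `ChallengeResponseAuthentication no` after the templated `ChallengeResponseAuthentication yes`/`no` block in the hunk at line 97, so the rendered file sets the keyword twice. sshd uses the first value it obtains for a keyword, which means the literal line has no effect when the variable is 'yes', yet someone auditing the rendered file may read it as the effective setting. I would drop the literal line or replace it with a comment such as `# ChallengeResponseAuthentication is set above from real_sshd_challenge_response_authentication`.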