aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--templates/sshd_config/Debian_normal.erb62
1 files changed, 31 insertions, 31 deletions
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index 0db99fb..d33064a 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -4,10 +4,10 @@
# What ports, IPs and protocols we listen for
<%- unless real_sshd_port.to_s.empty? then %>
-Port <%= real_sshd_port %>
-<%- else %>
+Port <%= real_sshd_port -%>
+<%- else -%>
Port 22
-<%- end %>
+<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
@@ -34,53 +34,53 @@ LogLevel INFO
# Authentication:
LoginGraceTime 600
<%- unless real_sshd_permit_root_login.to_s.empty? then %>
-PermitRootLogin <%= real_sshd_permit_root_login %>
-<%- else %>
+PermitRootLogin <%= real_sshd_permit_root_login -%>
+<%- else -%>
PermitRootLogin without-password
-<%- end %>
+<%- end -%>
<%- if real_sshd_strict_modes.to_s == 'yes' then %>
StrictModes yes
-<%- else %>
+<%- else -%>
StrictModes no
-<%- end %>
+<%- end -%>
<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
RSAAuthentication yes
-<%- else %>
+<%- else -%>
RSAAuthentication no
-<%- end %>
+<%- end -%>
<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
PubkeyAuthentication yes
-<%- else %>
+<%- else -%>
PubkeyAuthentication no
-<%- end %>
+<%- end -%>
<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
-<%- else %>
+<%- else -%>
AuthorizedKeysFile %h/.ssh/authorized_keys
-<%- end %>
+<%- end -%>
# For this to work you will also need host keys in /etc/ssh_known_hosts
<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
RhostsRSAAuthentication yes
-<%- else %>
+<%- else -%>
RhostsRSAAuthentication no
<% end -%>
# Don't read the user's ~/.rhosts and ~/.shosts files
<%- if real_sshd_ignore_rhosts.to_s == 'yes' then %>
IgnoreRhosts yes
-<%- else %>
+<%- else -%>
IgnoreRhosts no
<% end -%>
# similar for protocol version 2
<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
HostbasedAuthentication yes
-<%- else %>
+<%- else -%>
HostbasedAuthentication no
<% end -%>
@@ -97,16 +97,16 @@ PermitEmptyPasswords no
# Change to no to disable s/key passwords
<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
ChallengeResponseAuthentication yes
-<%- else %>
+<%- else -%>
ChallengeResponseAuthentication no
-<%- end %>
+<%- end -%>
# To disable tunneled clear text passwords, change to no here!
<%- if real_sshd_password_authentication.to_s == 'yes' then %>
PasswordAuthentication yes
-<%- else %>
+<%- else -%>
PasswordAuthentication no
-<%- end %>
+<%- end -%>
# To change Kerberos options
#KerberosAuthentication no
@@ -119,9 +119,9 @@ PasswordAuthentication no
<%- if real_sshd_x11_forwarding.to_s == 'yes' then %>
X11Forwarding yes
-<%- else %>
+<%- else -%>
X11Forwarding no
-<%- end %>
+<%- end -%>
X11DisplayOffset 10
KeepAlive yes
#UseLogin no
@@ -143,27 +143,27 @@ KeepAlive yes
# and ChallengeResponseAuthentication to 'no'.
<%- if real_sshd_use_pam.to_s == 'yes' then %>
UsePAM yes
-<%- else %>
+<%- else -%>
UsePAM no
-<%- end %>
+<%- end -%>
HostbasedUsesNameFromPacketOnly yes
<%- if real_sshd_tcp_forwarding.to_s == 'yes' then %>
AllowTcpForwarding yes
-<%- else %>
+<%- else -%>
AllowTcpForwarding no
-<%- end %>
+<%- end -%>
<%- if real_sshd_agent_forwarding.to_s == 'yes' then %>
AllowAgentForwarding yes
-<%- else %>
+<%- else -%>
AllowAgentForwarding no
-<%- end %>
+<%- end -%>
ChallengeResponseAuthentication no
<%- unless real_sshd_allowed_users.to_s.empty? then %>
-AllowUsers <%= real_sshd_allowed_users %>
-<%- end %>
+AllowUsers <%= real_sshd_allowed_users -%>
+<%- end -%>