1 files changed, 11 insertions, 7 deletions

diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 3c3d562..65befdc 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -6,14 +6,12 @@
 <%- end %>
 
 # What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
@@ -138,6 +136,9 @@ KeepAlive yes
 #Banner /etc/issue.net
 #ReverseMappingCheck yes
 
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
 <%- if sshd_sftp_subsystem.to_s.empty? then %>
 Subsystem	sftp	/usr/lib/openssh/sftp-server
 <%- else %>
@@ -159,8 +160,6 @@ UsePAM yes
 UsePAM no
 <%- end -%>
 
-HostbasedUsesNameFromPacketOnly yes
-
 <%- if sshd_tcp_forwarding.to_s == 'yes' then -%>
 AllowTcpForwarding yes
 <%- else -%>
@@ -182,6 +181,11 @@ AllowGroups <%= sshd_allowed_groups %>
 
 PrintMotd no
 
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
 <%- end %>