Diffstat (limited to 'templates/sshd_config/Debian_squeeze.erb')
-rw-r--r--templates/sshd_config/Debian_squeeze.erb17
1 files changed, 10 insertions, 7 deletions
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 56b1cab..dfebcc3 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -8,15 +8,14 @@
<%- end %>
# What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
<% end -%>
-<%- else -%>
-Port 22
-<%- end %>
+<%- end -%>
+
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
ListenAddress <%= address %>
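Review bot: `sshd_ports.each` on the first added line assumes the value is always an array, so a manifest that still passes a single port as a string (as the old `sshd_port` allowed) would either fail template evaluation or, on Ruby 1.8, iterate over the string's lines. Wrapping it as `<%- [sshd_ports].flatten.each do |port| -%>` keeps both forms working. The hard-coded `Port 22` fallback is also removed, so an empty list now renders no Port directive and relies on sshd's built-in default. An 'off' entry mixed with real ports emits the "disabled by puppet" comment next to live Port lines. A one-line comment above the loop stating which of these cases are intended would help whoever audits the rendered config.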
@@ -198,7 +197,11 @@ AllowUsers <%= sshd_allowed_users -%>
AllowGroups <%= sshd_allowed_groups %>
<%- end %>
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
-
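Review bot: The `sshd_hardened_ssl` block pins `MACs hmac-sha1` without explaining the choice, and a reader will take "hardened" to mean current best practice. The hmac-sha2 MACs only arrived in OpenSSH 5.9, which is presumably why this squeeze template stops at SHA-1. Say so above the two directives, e.g. `# squeeze's OpenSSH has no hmac-sha2-*; do not copy these values into templates for newer releases`. The guard also matches only the literal string 'yes', so a boolean `true` would silently leave the default algorithms in place. `<%- if ['yes', 'true'].include?(sshd_hardened_ssl.to_s) then -%>` would cover both, if the manifest (not visible here) can pass either form.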