diff options
Diffstat (limited to 'templates/sshd_config/Gentoo.erb')
| -rw-r--r-- | templates/sshd_config/Gentoo.erb | 56 |
1 files changed, 35 insertions, 21 deletions
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb index 1b9b98e..77ed378 100644 --- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb @@ -10,14 +10,14 @@ # possible, but leave them commented. Uncommented options change a # default value. -<%- unless real_sshd_port.to_s.empty? then %> -Port <%= real_sshd_port %> +<%- unless sshd_port.to_s.empty? then %> +Port <%= sshd_port %> <%- else %> Port 22 <%- end %> # Use these options to restrict which interfaces/protocols sshd will bind to -<% for address in real_sshd_listen_address -%> +<% for address in sshd_listen_address -%> ListenAddress <%= address %> <% end -%> #AddressFamily any @@ -47,46 +47,46 @@ Protocol 2 #LoginGraceTime 2m PermitRootLogin without-password -<%- if real_sshd_strict_modes.to_s == 'yes' then %> +<%- if sshd_strict_modes.to_s == 'yes' then %> StrictModes yes <%- else %> StrictModes no <%- end %> -<%- unless real_sshd_permit_root_login.to_s.empty? then %> -PermitRootLogin <%= real_sshd_permit_root_login %> +<%- unless sshd_permit_root_login.to_s.empty? then %> +PermitRootLogin <%= sshd_permit_root_login %> <%- else %> PermitRootLogin without-password <%- end %> #MaxAuthTries 6 -<%- if real_sshd_rsa_authentication.to_s == 'yes' then %> +<%- if sshd_rsa_authentication.to_s == 'yes' then %> RSAAuthentication yes <%- else %> RSAAuthentication no <%- end %> -<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %> +<%- if sshd_pubkey_authentication.to_s == 'yes' then %> PubkeyAuthentication yes <%- else %> PubkeyAuthentication no <%- end %> -<%- unless real_sshd_authorized_keys_file.to_s.empty? then %> -AuthorizedKeysFile <%= real_sshd_authorized_keys_file %> +<%- unless sshd_authorized_keys_file.to_s.empty? then %> +AuthorizedKeysFile <%= sshd_authorized_keys_file %> <%- else %> AuthorizedKeysFile %h/.ssh/authorized_keys <%- end %> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %> +<%- if sshd_rhosts_rsa_authentication.to_s == 'yes' then %> RhostsRSAAuthentication yes <%- else %> RhostsRSAAuthentication no <% end -%> # similar for protocol version 2 -<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %> +<%- if sshd_hostbased_authentication.to_s == 'yes' then %> HostbasedAuthentication yes <%- else %> HostbasedAuthentication no @@ -97,28 +97,28 @@ HostbasedAuthentication no #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files -<%- if real_sshd_ignore_rhosts.to_s == 'yes' then %> +<%- if sshd_ignore_rhosts.to_s == 'yes' then %> IgnoreRhosts yes <%- else %> IgnoreRhosts no <% end -%> # To disable tunneled clear text passwords, change to no here! -<%- if real_sshd_password_authentication.to_s == 'yes' then %> +<%- if sshd_password_authentication.to_s == 'yes' then %> PasswordAuthentication yes <%- else %> PasswordAuthentication no <%- end %> # To enable empty passwords, change to yes (NOT RECOMMENDED) -<%- if real_sshd_permit_empty_passwords.to_s == 'yes' then %> +<%- if sshd_permit_empty_passwords.to_s == 'yes' then %> PermitEmptyPasswords yes <% else -%> PermitEmptyPasswords no <% end -%> # Change to no to disable s/key passwords -<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> +<%- if sshd_challenge_response_authentication.to_s == 'yes' then %> ChallengeResponseAuthentication yes <%- else %> ChallengeResponseAuthentication no @@ -145,20 +145,20 @@ ChallengeResponseAuthentication no # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -<%- if real_sshd_use_pam.to_s == 'yes' then %> +<%- if sshd_use_pam.to_s == 'yes' then %> UsePAM yes <%- else %> UsePAM no <%- end %> -<%- if real_sshd_tcp_forwarding.to_s == 'yes' then %> +<%- if sshd_tcp_forwarding.to_s == 'yes' then %> AllowTcpForwarding yes <%- else %> AllowTcpForwarding no <%- end %> #GatewayPorts no -<%- if real_sshd_x11_forwarding.to_s == 'yes' then %> +<%- if sshd_x11_forwarding.to_s == 'yes' then %> X11Forwarding yes <%- else %> X11Forwarding no @@ -183,7 +183,11 @@ X11Forwarding no #Banner /some/path # override default of no subsystems +<%- if sshd_sftp_subsystem.to_s.empty? then %> Subsystem sftp /usr/lib/misc/sftp-server +<%- else %> +Subsystem sftp <%= sshd_sftp_subsystem %> +<%- end %> # Example of overriding settings on a per-user basis #Match User anoncvs @@ -191,6 +195,16 @@ Subsystem sftp /usr/lib/misc/sftp-server # AllowTcpForwarding no # ForceCommand cvs server -<%- unless real_sshd_allowed_users.to_s.empty? then %> -AllowUsers <%= real_sshd_allowed_users %> +<%- unless sshd_allowed_users.to_s.empty? then %> +AllowUsers <%= sshd_allowed_users %> +<%- end %> +<%- unless sshd_allowed_groups.to_s.empty? then %> +AllowGroups <%= sshd_allowed_groups %> +<%- end %> + + +<%- unless sshd_additional_options.to_s.empty? then %> +<%= sshd_additional_options %> <%- end %> + + |