aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config/OpenBSD.erb
diff options
context:
space:
mode:
Diffstat (limited to 'templates/sshd_config/OpenBSD.erb')
-rw-r--r--templates/sshd_config/OpenBSD.erb51
1 files changed, 31 insertions, 20 deletions
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 32f6780..a6e0763 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -8,14 +8,14 @@
# possible, but leave them commented. Uncommented options change a
# default value.
-<%- unless real_sshd_port.to_s.empty? then %>
-Port <%= real_sshd_port %>
+<%- unless sshd_port.to_s.empty? then %>
+Port <%= sshd_port %>
<%- else %>
Port 22
<%- end %>
# Use these options to restrict which interfaces/protocols sshd will bind to
-<% for address in real_sshd_listen_address -%>
+<% for address in sshd_listen_address -%>
ListenAddress <%= address %>
<% end -%>
#Protocol 2,1
@@ -39,13 +39,13 @@ ListenAddress <%= address %>
# Authentication:
#LoginGraceTime 2m
-<%- unless real_sshd_permit_root_login.to_s.empty? then %>
-PermitRootLogin <%= real_sshd_permit_root_login %>
+<%- unless sshd_permit_root_login.to_s.empty? then %>
+PermitRootLogin <%= sshd_permit_root_login %>
<%- else %>
PermitRootLogin without-password
<%- end %>
-<%- if real_sshd_strict_modes.to_s == 'yes' then %>
+<%- if sshd_strict_modes.to_s == 'yes' then %>
StrictModes yes
<%- else %>
StrictModes no
@@ -53,33 +53,33 @@ StrictModes no
#MaxAuthTries 6
-<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+<%- if sshd_rsa_authentication.to_s == 'yes' then %>
RSAAuthentication yes
<%- else %>
RSAAuthentication no
<%- end %>
-<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
+<%- if sshd_pubkey_authentication.to_s == 'yes' then %>
PubkeyAuthentication yes
<%- else %>
PubkeyAuthentication no
<%- end %>
-<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
-AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- unless sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= sshd_authorized_keys_file %>
<%- else %>
AuthorizedKeysFile %h/.ssh/authorized_keys
<%- end %>
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+<%- if sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
RhostsRSAAuthentication yes
<%- else %>
RhostsRSAAuthentication no
<% end -%>
# similar for protocol version 2
-<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+<%- if sshd_hostbased_authentication.to_s == 'yes' then %>
HostbasedAuthentication yes
<%- else %>
HostbasedAuthentication no
@@ -90,28 +90,28 @@ HostbasedAuthentication no
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
-<%- if real_sshd_ignore_rhosts.to_s == 'yes' then %>
+<%- if sshd_ignore_rhosts.to_s == 'yes' then %>
IgnoreRhosts yes
<%- else %>
IgnoreRhosts no
<% end -%>
# To disable tunneled clear text passwords, change to no here!
-<%- if real_sshd_password_authentication.to_s == 'yes' then %>
+<%- if sshd_password_authentication.to_s == 'yes' then %>
PasswordAuthentication yes
<%- else %>
PasswordAuthentication no
<%- end %>
# To enable empty passwords, change to yes (NOT RECOMMENDED)
-<%- if real_sshd_permit_empty_passwords.to_s == 'yes' then %>
+<%- if sshd_permit_empty_passwords.to_s == 'yes' then %>
PermitEmptyPasswords yes
<% else -%>
PermitEmptyPasswords no
<% end -%>
# Change to no to disable s/key passwords
-<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
+<%- if sshd_challenge_response_authentication.to_s == 'yes' then %>
ChallengeResponseAuthentication yes
<%- else %>
ChallengeResponseAuthentication no
@@ -127,14 +127,14 @@ ChallengeResponseAuthentication no
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-<%- if real_sshd_tcp_forwarding.to_s == 'yes' then %>
+<%- if sshd_tcp_forwarding.to_s == 'yes' then %>
AllowTcpForwarding yes
<%- else %>
AllowTcpForwarding no
<%- end %>
#GatewayPorts no
-<%- if real_sshd_x11_forwarding.to_s == 'yes' then %>
+<%- if sshd_x11_forwarding.to_s == 'yes' then %>
X11Forwarding yes
<%- else %>
X11Forwarding no
@@ -159,10 +159,17 @@ X11Forwarding no
#Banner /some/path
# override default of no subsystems
+<%- if sshd_sftp_subsystem.to_s.empty? then %>
Subsystem sftp /usr/libexec/sftp-server
+<%- else %>
+Subsystem sftp <%= sshd_sftp_subsystem %>
+<%- end %>
-<%- unless real_sshd_allowed_users.to_s.empty? then %>
-AllowUsers <%= real_sshd_allowed_users %>
+<%- unless sshd_allowed_users.to_s.empty? then %>
+AllowUsers <%= sshd_allowed_users %>
+<%- end %>
+<%- unless sshd_allowed_groups.to_s.empty? then %>
+AllowGroups <%= sshd_allowed_groups %>
<%- end %>
# Example of overriding settings on a per-user basis
@@ -170,3 +177,7 @@ AllowUsers <%= real_sshd_allowed_users %>
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
+
+<%- unless sshd_additional_options.to_s.empty? then %>
+<%= sshd_additional_options %>
+<%- end %>