aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config/OpenBSD.erb
diff options
context:
space:
mode:
Diffstat (limited to 'templates/sshd_config/OpenBSD.erb')
-rw-r--r--templates/sshd_config/OpenBSD.erb13
1 files changed, 8 insertions, 5 deletions
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 69e8afa..7a20cd9 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -12,14 +12,12 @@
<%= sshd_head_additional_options %>
<%- end %>
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
#Port -- disabled by puppet
<% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
<% end -%>
-<%- else -%>
-Port 22
<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
@@ -186,6 +184,11 @@ AllowGroups <%= sshd_allowed_groups %>
# AllowTcpForwarding no
# ForceCommand cvs server
+<%- if sshd_hardened_ssl.to_s == 'yes' then -%>
+Ciphers aes256-ctr
+MACs hmac-sha1
+<%- end -%>
+
<%- unless sshd_tail_additional_options.to_s.empty? then %>
<%= sshd_tail_additional_options %>
<%- end %>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-03 08:37:52 +0000