diff options
Diffstat (limited to 'templates/sshd_config/OpenBSD.erb')
-rw-r--r-- | templates/sshd_config/OpenBSD.erb | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index 69e8afa..7a20cd9 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -12,14 +12,12 @@ <%= sshd_head_additional_options %> <%- end %> -<%- unless sshd_port.to_s.empty? then -%> -<%- if sshd_port.to_s == 'off' then -%> +<%- sshd_ports.each do |port| -%> +<%- if port.to_s == 'off' then -%> #Port -- disabled by puppet <% else -%> -Port <%= sshd_port -%> +Port <%= port %> <% end -%> -<%- else -%> -Port 22 <%- end -%> # Use these options to restrict which interfaces/protocols sshd will bind to @@ -186,6 +184,11 @@ AllowGroups <%= sshd_allowed_groups %> # AllowTcpForwarding no # ForceCommand cvs server +<%- if sshd_hardened_ssl.to_s == 'yes' then -%> +Ciphers aes256-ctr +MACs hmac-sha1 +<%- end -%> + <%- unless sshd_tail_additional_options.to_s.empty? then %> <%= sshd_tail_additional_options %> <%- end %> |