diff options
Diffstat (limited to 'templates/sshd_config')
-rw-r--r-- | templates/sshd_config/CentOS_normal.erb | 5 | ||||
-rw-r--r-- | templates/sshd_config/Debian_normal.erb | 8 | ||||
-rw-r--r-- | templates/sshd_config/Gentoo_normal.erb | 6 | ||||
-rw-r--r-- | templates/sshd_config/OpenBSD_normal.erb | 6 |
4 files changed, 20 insertions, 5 deletions
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb index a14120f..a053001 100644 --- a/templates/sshd_config/CentOS_normal.erb +++ b/templates/sshd_config/CentOS_normal.erb @@ -67,8 +67,11 @@ PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> +ChallengeResponseAuthentication yes +<%- else %> ChallengeResponseAuthentication no +<%- end %> # Kerberos options #KerberosAuthentication no diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index d9237c6..a1d7a45 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -52,8 +52,12 @@ HostbasedAuthentication no # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Change to no to disable s/key passwords +<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> +ChallengeResponseAuthentication yes +<%- else %> +ChallengeResponseAuthentication no +<%- end %> # To disable tunneled clear text passwords, change to no here! <%- if real_sshd_password_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb index aa98ae8..5605f14 100644 --- a/templates/sshd_config/Gentoo_normal.erb +++ b/templates/sshd_config/Gentoo_normal.erb @@ -70,7 +70,11 @@ PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> +ChallengeResponseAuthentication yes +<%- else %> +ChallengeResponseAuthentication no +<%- end %> # Kerberos options #KerberosAuthentication no diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb index 0b84d25..954b420 100644 --- a/templates/sshd_config/OpenBSD_normal.erb +++ b/templates/sshd_config/OpenBSD_normal.erb @@ -63,7 +63,11 @@ PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> +ChallengeResponseAuthentication yes +<%- else %> +ChallengeResponseAuthentication no +<%- end %> # Kerberos options #KerberosAuthentication no |