aboutsummaryrefslogtreecommitdiff
path: root/templates/sshd_config
diff options
context:
space:
mode:
Diffstat (limited to 'templates/sshd_config')
-rw-r--r--templates/sshd_config/CentOS_normal.erb5
-rw-r--r--templates/sshd_config/Debian_normal.erb8
-rw-r--r--templates/sshd_config/Gentoo_normal.erb6
-rw-r--r--templates/sshd_config/OpenBSD_normal.erb6
4 files changed, 20 insertions, 5 deletions
diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb
index a14120f..a053001 100644
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@@ -67,8 +67,11 @@ PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
+ChallengeResponseAuthentication yes
+<%- else %>
ChallengeResponseAuthentication no
+<%- end %>
# Kerberos options
#KerberosAuthentication no
diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb
index d9237c6..a1d7a45 100644
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@@ -52,8 +52,12 @@ HostbasedAuthentication no
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
-# Uncomment to disable s/key passwords
-#ChallengeResponseAuthentication no
+# Change to no to disable s/key passwords
+<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
+ChallengeResponseAuthentication yes
+<%- else %>
+ChallengeResponseAuthentication no
+<%- end %>
# To disable tunneled clear text passwords, change to no here!
<%- if real_sshd_password_authentication.to_s == 'yes' then %>
diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index aa98ae8..5605f14 100644
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -70,7 +70,11 @@ PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
+ChallengeResponseAuthentication yes
+<%- else %>
+ChallengeResponseAuthentication no
+<%- end %>
# Kerberos options
#KerberosAuthentication no
diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb
index 0b84d25..954b420 100644
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@@ -63,7 +63,11 @@ PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
+ChallengeResponseAuthentication yes
+<%- else %>
+ChallengeResponseAuthentication no
+<%- end %>
# Kerberos options
#KerberosAuthentication no
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-16 00:35:42 +0000