Diffstat (limited to 'templates')
-rw-r--r-- | templates/sshd_config/CentOS.erb | 23 | ||||
-rw-r--r-- | templates/sshd_config/Debian_etch.erb | 16 | ||||
-rw-r--r-- | templates/sshd_config/Debian_lenny.erb | 15 | ||||
-rw-r--r-- | templates/sshd_config/Gentoo.erb | 20 | ||||
-rw-r--r-- | templates/sshd_config/OpenBSD.erb | 20 |
5 files changed, 65 insertions, 29 deletions
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb index fcaf4d6..a253029 100644 --- a/templates/sshd_config/CentOS.erb +++ b/templates/sshd_config/CentOS.erb @@ -10,15 +10,20 @@ # possible, but leave them commented. Uncommented options change a # default value. +<%- unless sshd_head_additional_options.to_s.empty? then %> +<%= sshd_head_additional_options %> +<%- end %> + <%- unless sshd_port.to_s.empty? then -%> -Port <%= sshd_port %> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> +Port <%= sshd_port -%> +<% end -%> <%- else -%> -#Port 22 +Port 22 <%- end -%> -#Protocol 2,1 -Protocol 2 -#AddressFamily any # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> ListenAddress <%= address %> @@ -199,8 +204,6 @@ AllowUsers <%= sshd_allowed_users %> AllowGroups <%= sshd_allowed_groups %> <%- end -%> - -<%- unless sshd_additional_options.to_s.empty? then -%> -<%= sshd_additional_options %> -<%- end -%> - +<%- unless sshd_tail_additional_options.to_s.empty? then %> +<%= sshd_tail_additional_options %> +<%- end %> diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb index 28aa52c..746a447 100644 --- a/templates/sshd_config/Debian_etch.erb +++ b/templates/sshd_config/Debian_etch.erb @@ -1,9 +1,17 @@ # Package generated configuration file # See the sshd(8) manpage for details +<%- unless sshd_head_additional_options.to_s.empty? then %> +<%= sshd_head_additional_options %> +<%- end %> + # What ports, IPs and protocols we listen for <%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> Port <%= sshd_port -%> +<% end -%> <%- else -%> Port 22 <%- end -%> 
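Review bot: The CentOS hunk at -10,15 deletes the active `Protocol 2` line along with the two commented lines around it, and none of the visible hunks puts it back. On OpenSSH releases whose built-in default still includes protocol 1 (older builds; worth checking against the versions this template targets), the rendered config would accept SSHv1 unless each node passes the directive in through `sshd_head_additional_options`. I would keep `Protocol 2` in the template directly after the Port block, or state in the commit message why it is safe to drop.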
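Review bot: Renaming `sshd_additional_options` to `sshd_tail_additional_options` in the CentOS hunk at -199,8 means a manifest that still sets the old name no longer gets its extra directives into the file; the same rename is in the tail hunks of Debian_etch, Debian_lenny, Gentoo and OpenBSD. The manifests are not part of this diff (the diffstat is limited to templates), so I cannot tell whether the old name is mapped onto the new one; if it is not, any hardening that nodes passed through it is dropped. Because sshd keeps the first value it reads for most keywords, the tail block also deserves a template comment such as `# Rendered last: only Match blocks and keywords not already set above take effect here`.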
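Review bot: `sshd_head_additional_options` is rendered ahead of every other directive, and sshd keeps the first value it reads for most keywords, so whatever is passed here silently wins over the settings the template writes further down; this holds for the same block in the CentOS, Debian_lenny, Gentoo and OpenBSD hunks as well as this Debian_etch one. `Port` behaves differently because repeated `Port` lines add up, which is presumably why the `'off'` branch exists, but the emitted `#Port -- disabled by puppet` reads as if the listener were turned off, while sshd falls back to port 22 when no `Port` line is present. I would reword it to `#Port -- not set via sshd_port; supply it in the additional options, otherwise sshd listens on 22` and add a template comment above the head block stating the precedence.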
@@ -131,7 +139,7 @@ KeepAlive yes #ReverseMappingCheck yes <%- if sshd_sftp_subsystem.to_s.empty? then %> -#Subsystem sftp /usr/lib/sftp-server +Subsystem sftp /usr/lib/openssh/sftp-server <%- else %> Subsystem sftp <%= sshd_sftp_subsystem %> <%- end %> @@ -168,9 +176,9 @@ AllowUsers <%= sshd_allowed_users -%> AllowGroups <%= sshd_allowed_groups %> <%- end %> +PrintMotd no -<%- unless sshd_additional_options.to_s.empty? then %> -<%= sshd_additional_options %> +<%- unless sshd_tail_additional_options.to_s.empty? then %> +<%= sshd_tail_additional_options %> <%- end %> - diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb index 8d68808..18f3e4d 100644 --- a/templates/sshd_config/Debian_lenny.erb +++ b/templates/sshd_config/Debian_lenny.erb @@ -1,9 +1,17 @@ # Package generated configuration file # See the sshd(8) manpage for details +<%- unless sshd_head_additional_options.to_s.empty? then %> +<%= sshd_head_additional_options %> +<%- end %> + # What ports, IPs and protocols we listen for <%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> Port <%= sshd_port -%> +<% end -%> <%- else -%> Port 22 <%- end -%> @@ -131,7 +139,7 @@ KeepAlive yes #ReverseMappingCheck yes <%- if sshd_sftp_subsystem.to_s.empty? then %> -#Subsystem sftp /usr/lib/sftp-server +Subsystem sftp /usr/lib/openssh/sftp-server <%- else %> Subsystem sftp <%= sshd_sftp_subsystem %> <%- end %> @@ -174,8 +182,9 @@ AllowUsers <%= sshd_allowed_users -%> AllowGroups <%= sshd_allowed_groups %> <%- end %> +PrintMotd no -<%- unless sshd_additional_options.to_s.empty? then %> -<%= sshd_additional_options %> +<%- unless sshd_tail_additional_options.to_s.empty? then %> +<%= sshd_tail_additional_options %> <%- end %> diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb index 77ed378..2112f0d 100644 --- a/templates/sshd_config/Gentoo.erb +++ b/templates/sshd_config/Gentoo.erb 
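Review bot: With `sshd_sftp_subsystem` unset the old Debian_etch template rendered only a commented-out `#Subsystem` line, so the new default `Subsystem sftp /usr/lib/openssh/sftp-server` switches SFTP on for every node that relied on that default; Debian_lenny gets the same change at -131,7. An empty value now selects the enabled default, so the variable no longer offers a way to leave the subsystem off. If enabling it is intended, the commit message should say so, and an opt-out in the style of the Port block would help: `<%- elsif sshd_sftp_subsystem.to_s == 'off' then %>` followed by `#Subsystem sftp -- disabled by puppet`.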
@@ -10,12 +10,20 @@ # possible, but leave them commented. Uncommented options change a # default value. -<%- unless sshd_port.to_s.empty? then %> -Port <%= sshd_port %> -<%- else %> -Port 22 +<%- unless sshd_head_additional_options.to_s.empty? then %> +<%= sshd_head_additional_options %> <%- end %> +<%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> +Port <%= sshd_port -%> +<% end -%> +<%- else -%> +Port 22 +<%- end -%> + # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> ListenAddress <%= address %> @@ -203,8 +211,8 @@ AllowGroups <%= sshd_allowed_groups %> <%- end %> -<%- unless sshd_additional_options.to_s.empty? then %> -<%= sshd_additional_options %> +<%- unless sshd_tail_additional_options.to_s.empty? then %> +<%= sshd_tail_additional_options %> <%- end %> diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb index a6e0763..69e8afa 100644 --- a/templates/sshd_config/OpenBSD.erb +++ b/templates/sshd_config/OpenBSD.erb @@ -8,12 +8,20 @@ # possible, but leave them commented. Uncommented options change a # default value. -<%- unless sshd_port.to_s.empty? then %> -Port <%= sshd_port %> -<%- else %> -Port 22 +<%- unless sshd_head_additional_options.to_s.empty? then %> +<%= sshd_head_additional_options %> <%- end %> +<%- unless sshd_port.to_s.empty? then -%> +<%- if sshd_port.to_s == 'off' then -%> +#Port -- disabled by puppet +<% else -%> +Port <%= sshd_port -%> +<% end -%> +<%- else -%> +Port 22 +<%- end -%> + # Use these options to restrict which interfaces/protocols sshd will bind to <% for address in sshd_listen_address -%> ListenAddress <%= address %> 
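Review bot: `Port <%= sshd_port -%>` in the Gentoo hunk strips the newline after the port value, and the `<% end -%>` and `<%- end -%>` lines below strip theirs as well, so the rendered `Port` line is terminated only by the blank line added after the block; OpenBSD at -8,12 and CentOS at -10,15 use the same form. If that blank line is ever removed, the port value is joined with the next line of the file, which sshd is unlikely to accept, and a daemon that refuses to restart is how a node loses remote access. Writing the value line as `Port <%= sshd_port %>` keeps the newline with the directive. This assumes the templates are rendered with ERB's `-` trim mode, which the `<%-` tags suggest.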
@@ -178,6 +186,6 @@ AllowGroups <%= sshd_allowed_groups %> # AllowTcpForwarding no # ForceCommand cvs server -<%- unless sshd_additional_options.to_s.empty? then %> -<%= sshd_additional_options %> +<%- unless sshd_tail_additional_options.to_s.empty? then %> +<%= sshd_tail_additional_options %> <%- end %> |