aboutsummaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
Diffstat (limited to 'templates')
-rw-r--r--templates/sshd_config/CentOS.erb23
-rw-r--r--templates/sshd_config/Debian_etch.erb16
-rw-r--r--templates/sshd_config/Debian_lenny.erb15
-rw-r--r--templates/sshd_config/Gentoo.erb20
-rw-r--r--templates/sshd_config/OpenBSD.erb20
5 files changed, 65 insertions, 29 deletions
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index fcaf4d6..a253029 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -10,15 +10,20 @@
# possible, but leave them commented. Uncommented options change a
# default value.
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
<%- unless sshd_port.to_s.empty? then -%>
-Port <%= sshd_port %>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
+Port <%= sshd_port -%>
+<% end -%>
<%- else -%>
-#Port 22
+Port 22
<%- end -%>
-#Protocol 2,1
-Protocol 2
-#AddressFamily any
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
ListenAddress <%= address %>
@@ -199,8 +204,6 @@ AllowUsers <%= sshd_allowed_users %>
AllowGroups <%= sshd_allowed_groups %>
<%- end -%>
-
-<%- unless sshd_additional_options.to_s.empty? then -%>
-<%= sshd_additional_options %>
-<%- end -%>
-
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
+<%- end %>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index 28aa52c..746a447 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -1,9 +1,17 @@
# Package generated configuration file
# See the sshd(8) manpage for details
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
# What ports, IPs and protocols we listen for
<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
Port <%= sshd_port -%>
+<% end -%>
<%- else -%>
Port 22
<%- end -%>
@@ -131,7 +139,7 @@ KeepAlive yes
#ReverseMappingCheck yes
<%- if sshd_sftp_subsystem.to_s.empty? then %>
-#Subsystem sftp /usr/lib/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
<%- else %>
Subsystem sftp <%= sshd_sftp_subsystem %>
<%- end %>
@@ -168,9 +176,9 @@ AllowUsers <%= sshd_allowed_users -%>
AllowGroups <%= sshd_allowed_groups %>
<%- end %>
+PrintMotd no
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
-
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index 8d68808..18f3e4d 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -1,9 +1,17 @@
# Package generated configuration file
# See the sshd(8) manpage for details
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
+<%- end %>
+
# What ports, IPs and protocols we listen for
<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
Port <%= sshd_port -%>
+<% end -%>
<%- else -%>
Port 22
<%- end -%>
@@ -131,7 +139,7 @@ KeepAlive yes
#ReverseMappingCheck yes
<%- if sshd_sftp_subsystem.to_s.empty? then %>
-#Subsystem sftp /usr/lib/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
<%- else %>
Subsystem sftp <%= sshd_sftp_subsystem %>
<%- end %>
@@ -174,8 +182,9 @@ AllowUsers <%= sshd_allowed_users -%>
AllowGroups <%= sshd_allowed_groups %>
<%- end %>
+PrintMotd no
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 77ed378..2112f0d 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -10,12 +10,20 @@
# possible, but leave them commented. Uncommented options change a
# default value.
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
<%- end %>
+<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
+Port <%= sshd_port -%>
+<% end -%>
+<%- else -%>
+Port 22
+<%- end -%>
+
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
ListenAddress <%= address %>
@@ -203,8 +211,8 @@ AllowGroups <%= sshd_allowed_groups %>
<%- end %>
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index a6e0763..69e8afa 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -8,12 +8,20 @@
# possible, but leave them commented. Uncommented options change a
# default value.
-<%- unless sshd_port.to_s.empty? then %>
-Port <%= sshd_port %>
-<%- else %>
-Port 22
+<%- unless sshd_head_additional_options.to_s.empty? then %>
+<%= sshd_head_additional_options %>
<%- end %>
+<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
+Port <%= sshd_port -%>
+<% end -%>
+<%- else -%>
+Port 22
+<%- end -%>
+
# Use these options to restrict which interfaces/protocols sshd will bind to
<% for address in sshd_listen_address -%>
ListenAddress <%= address %>
@@ -178,6 +186,6 @@ AllowGroups <%= sshd_allowed_groups %>
# AllowTcpForwarding no
# ForceCommand cvs server
-<%- unless sshd_additional_options.to_s.empty? then %>
-<%= sshd_additional_options %>
+<%- unless sshd_tail_additional_options.to_s.empty? then %>
+<%= sshd_tail_additional_options %>
<%- end %>