From 9edd2705d4c59ac8cb75a67b587d06d32cb5e6c6 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Fri, 26 Sep 2008 17:30:28 -0400
Subject: add sshd_ignore_rhosts option, default set to yes

---
 templates/sshd_config/Gentoo_normal.erb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'templates/sshd_config/Gentoo_normal.erb')

diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb
index 04712bd..c8dbda4 100644
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@@ -73,8 +73,13 @@ PubkeyAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication
 #IgnoreUserKnownHosts no
+
 # Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
+<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
+IgnoreRhosts yes
+<%- else %>
+IgnoreRhosts no
+<% end -%>
 
 # To disable tunneled clear text passwords, change to no here!
 <%- if real_sshd_password_authentication.to_s == 'yes' then %>
-- 
cgit v1.2.3