diff options
| author | varac <varacanero@zeromail.org> | 2015-05-04 14:03:50 +0200 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2015-05-04 14:03:50 +0200 |
| commit | 943dd94dfab1de9316a5ed4c0751b36a6c75447a (patch) | |
| tree | ea8e120b7d7ef84ba71391f39870092e43391627 /templates/sshd_config/Debian_sid.erb | |
| parent | 750a497758d94c2f5a6cad23cecc3dbde2d2f92f (diff) | |
| parent | e9596d0f6d243ae00bb5b360a5c37bed577c5438 (diff) | |
Merge remote-tracking branch 'shared/master' into leap_master
Conflicts:
templates/sshd_config/Debian_wheezy.erb
Diffstat (limited to 'templates/sshd_config/Debian_sid.erb')
| -rw-r--r-- | templates/sshd_config/Debian_sid.erb | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb index 70bb4bf..033f409 100644 --- a/templates/sshd_config/Debian_sid.erb +++ b/templates/sshd_config/Debian_sid.erb @@ -1,7 +1,7 @@ # This file is managed by Puppet, all local modifications will be overwritten # # Package generated configuration file -# See the sshd(8) manpage for details +# See the sshd_config(5) manpage for details <% unless (s=scope.lookupvar('sshd::head_additional_options')).empty? -%> <%= s %> @@ -22,29 +22,27 @@ ListenAddress <%= address %> <% end -%> Protocol 2 # HostKeys for protocol version 2 -HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_dsa_key +<% scope.lookupvar('sshd::hostkey_type').to_a.each do |hostkey_type| -%> +HostKey /etc/ssh/ssh_host_<%=hostkey_type %>_key +<% end -%> #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 -ServerKeyBits 768 +ServerKeyBits 1024 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: -LoginGraceTime 600 +LoginGraceTime 120 PermitRootLogin <%= scope.lookupvar('sshd::permit_root_login') %> - StrictModes <%= scope.lookupvar('sshd::strict_modes') %> RSAAuthentication <%= scope.lookupvar('sshd::rsa_authentication') %> - PubkeyAuthentication <%= scope.lookupvar('sshd::pubkey_authentication') %> - AuthorizedKeysFile <%= scope.lookupvar('sshd::authorized_keys_file') %> # Don't read the user's ~/.rhosts and ~/.shosts files @@ -63,11 +61,12 @@ PermitEmptyPasswords <%= scope.lookupvar('sshd::permit_empty_passwords') %> # some PAM modules and threads) ChallengeResponseAuthentication <%= scope.lookupvar('sshd::challenge_response_authentication') %> -# To disable tunneled clear text passwords, change to no here! +# Change to no to disable tunnelled clear text passwords PasswordAuthentication <%= scope.lookupvar('sshd::password_authentication') %> # Kerberos options KerberosAuthentication <%= scope.lookupvar('sshd::kerberos_authentication') %> +#KerberosGetAFSToken no KerberosOrLocalPasswd <%= scope.lookupvar('sshd::kerberos_orlocalpasswd') %> KerberosTicketCleanup <%= scope.lookupvar('sshd::kerberos_ticketcleanup') %> @@ -80,7 +79,6 @@ X11DisplayOffset 10 PrintMotd <%= scope.lookupvar('sshd::print_motd') %> PrintLastLog yes TCPKeepAlive yes - #UseLogin no #MaxStartups 10:30:60 |