new options, cleaned up real_ hack

git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2527 d66ca3ae-40d7-4aa7-90d4-87d79ca94279

1 files changed, 35 insertions, 21 deletions

diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 1b9b98e..77ed378 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -10,14 +10,14 @@
 # possible, but leave them commented.  Uncommented options change a
 # default value.
 
-<%- unless real_sshd_port.to_s.empty? then %>
-Port <%= real_sshd_port %>
+<%- unless sshd_port.to_s.empty? then %>
+Port <%= sshd_port %>
 <%- else %>
 Port 22
 <%- end %>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
-<% for address in real_sshd_listen_address -%>
+<% for address in sshd_listen_address -%>
 ListenAddress <%= address %>
 <% end -%>
 #AddressFamily any
@@ -47,46 +47,46 @@ Protocol 2
 #LoginGraceTime 2m
 PermitRootLogin without-password
 
-<%- if real_sshd_strict_modes.to_s == 'yes' then %>
+<%- if sshd_strict_modes.to_s == 'yes' then %>
 StrictModes yes
 <%- else %>
 StrictModes no
 <%- end %>
 
-<%- unless real_sshd_permit_root_login.to_s.empty? then %>
-PermitRootLogin <%= real_sshd_permit_root_login %>
+<%- unless sshd_permit_root_login.to_s.empty? then %>
+PermitRootLogin <%= sshd_permit_root_login %>
 <%- else %>
 PermitRootLogin without-password
 <%- end %>
 #MaxAuthTries 6
 
-<%- if real_sshd_rsa_authentication.to_s == 'yes' then %>
+<%- if sshd_rsa_authentication.to_s == 'yes' then %>
 RSAAuthentication yes
 <%- else %>
 RSAAuthentication no
 <%- end %>
 
-<%- if real_sshd_pubkey_authentication.to_s == 'yes' then %>
+<%- if sshd_pubkey_authentication.to_s == 'yes' then %>
 PubkeyAuthentication yes
 <%- else %>
 PubkeyAuthentication no
 <%- end %>
 
-<%- unless real_sshd_authorized_keys_file.to_s.empty? then %>
-AuthorizedKeysFile <%= real_sshd_authorized_keys_file %>
+<%- unless sshd_authorized_keys_file.to_s.empty? then %>
+AuthorizedKeysFile <%= sshd_authorized_keys_file %>
 <%- else %>
 AuthorizedKeysFile %h/.ssh/authorized_keys
 <%- end %>
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-<%- if real_sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+<%- if sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
 RhostsRSAAuthentication yes
 <%- else %>
 RhostsRSAAuthentication no
 <% end -%>
 
 # similar for protocol version 2
-<%- if real_sshd_hostbased_authentication.to_s == 'yes' then %>
+<%- if sshd_hostbased_authentication.to_s == 'yes' then %>
 HostbasedAuthentication yes
 <%- else %>
 HostbasedAuthentication no
@@ -97,28 +97,28 @@ HostbasedAuthentication no
 #IgnoreUserKnownHosts no
 
 # Don't read the user's ~/.rhosts and ~/.shosts files
-<%- if real_sshd_ignore_rhosts.to_s == 'yes' then %>
+<%- if sshd_ignore_rhosts.to_s == 'yes' then %>
 IgnoreRhosts yes
 <%- else %>
 IgnoreRhosts no
 <% end -%>
 
 # To disable tunneled clear text passwords, change to no here!
-<%- if real_sshd_password_authentication.to_s == 'yes' then %>
+<%- if sshd_password_authentication.to_s == 'yes' then %>
 PasswordAuthentication yes
 <%- else %>
 PasswordAuthentication no
 <%- end %>
 
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
-<%- if real_sshd_permit_empty_passwords.to_s == 'yes' then %>
+<%- if sshd_permit_empty_passwords.to_s == 'yes' then %>
 PermitEmptyPasswords yes
 <% else -%>
 PermitEmptyPasswords no
 <% end -%>
 
 # Change to no to disable s/key passwords
-<%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %>
+<%- if sshd_challenge_response_authentication.to_s == 'yes' then %>
 ChallengeResponseAuthentication yes
 <%- else %>
 ChallengeResponseAuthentication no
@@ -145,20 +145,20 @@ ChallengeResponseAuthentication no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-<%- if real_sshd_use_pam.to_s == 'yes' then %>
+<%- if sshd_use_pam.to_s == 'yes' then %>
 UsePAM yes
 <%- else %>
 UsePAM no
 <%- end %>
 
-<%- if real_sshd_tcp_forwarding.to_s == 'yes' then %>
+<%- if sshd_tcp_forwarding.to_s == 'yes' then %>
 AllowTcpForwarding yes
 <%- else %>
 AllowTcpForwarding no
 <%- end %>
 
 #GatewayPorts no
-<%- if real_sshd_x11_forwarding.to_s == 'yes' then %>
+<%- if sshd_x11_forwarding.to_s == 'yes' then %>
 X11Forwarding yes
 <%- else %>
 X11Forwarding no
@@ -183,7 +183,11 @@ X11Forwarding no
 #Banner /some/path
 
 # override default of no subsystems
+<%- if sshd_sftp_subsystem.to_s.empty? then %>
 Subsystem	sftp	/usr/lib/misc/sftp-server
+<%- else %>
+Subsystem      sftp    <%= sshd_sftp_subsystem %>
+<%- end %>
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
@@ -191,6 +195,16 @@ Subsystem	sftp	/usr/lib/misc/sftp-server
 #	AllowTcpForwarding no
 #	ForceCommand cvs server
 
-<%- unless real_sshd_allowed_users.to_s.empty? then %>
-AllowUsers <%= real_sshd_allowed_users %>
+<%- unless sshd_allowed_users.to_s.empty? then %>
+AllowUsers <%= sshd_allowed_users %>
+<%- end %>
+<%- unless sshd_allowed_groups.to_s.empty? then %>
+AllowGroups <%= sshd_allowed_groups %>
+<%- end %>
+
+
+<%- unless sshd_additional_options.to_s.empty? then %>
+<%= sshd_additional_options %>
 <%- end %>
+
+