Template out the possibility of specifying the key word 'off' to the

$sshd_port parameter, which simply puts a comment in front of that option, rather than specifying it.
author: Micah Anderson <micah@riseup.net> 2009-07-07 20:55:13 -0400
committer: Micah Anderson <micah@riseup.net> 2009-07-07 20:55:13 -0400
commit: 93e2f4d4c02d01fd430d1b9e1cf6860508a03773 (patch)
tree: ea4bcc3b4a83b73d5e4cca8f6a4989e0ff20c365 /templates
parent: dfebe2a9b537a63c7ff0cf4aeb6cda7a132f77a0 (diff)
5 files changed, 38 insertions, 0 deletions
diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index a3a9a52..bc5256a 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -14,6 +14,16 @@
 <%= sshd_head_additional_options %>
 <%- end %>
 
+<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
+Port <%= sshd_port -%>
+<% end -%>
+<%- else -%>
+Port 22
+<%- end -%>
+
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
 ListenAddress <%= address %>
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index 2524172..746a447 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -7,7 +7,11 @@
 
 # What ports, IPs and protocols we listen for
 <%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
 Port <%= sshd_port -%>
+<% end -%>
 <%- else -%>
 Port 22
 <%- end -%>
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index c7f4ab4..18f3e4d 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -7,7 +7,11 @@
 
 # What ports, IPs and protocols we listen for
 <%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
 Port <%= sshd_port -%>
+<% end -%>
 <%- else -%>
 Port 22
 <%- end -%>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index ad15031..2112f0d 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -14,6 +14,16 @@
 <%= sshd_head_additional_options %>
 <%- end %>
 
+<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
+Port <%= sshd_port -%>
+<% end -%>
+<%- else -%>
+Port 22
+<%- end -%>
+
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
 ListenAddress <%= address %>
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 045d9ba..69e8afa 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -12,6 +12,16 @@
 <%= sshd_head_additional_options %>
 <%- end %>
 
+<%- unless sshd_port.to_s.empty? then -%>
+<%- if sshd_port.to_s == 'off' then -%>
+#Port -- disabled by puppet
+<% else -%>
+Port <%= sshd_port -%>
+<% end -%>
+<%- else -%>
+Port 22
+<%- end -%>
+
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
 ListenAddress <%= address %>
author	Micah Anderson <micah@riseup.net>	2009-07-07 20:55:13 -0400
committer	Micah Anderson <micah@riseup.net>	2009-07-07 20:55:13 -0400
commit	93e2f4d4c02d01fd430d1b9e1cf6860508a03773 (patch)
tree	ea4bcc3b4a83b73d5e4cca8f6a4989e0ff20c365 /templates
parent	dfebe2a9b537a63c7ff0cf4aeb6cda7a132f77a0 (diff)