From 9ac4697eb546304ebc20d85aeeb93a73ca0fed5c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Wed, 23 Feb 2011 14:25:18 -0300
Subject: Changing parameter name sshd_perfect_forward_secrecy to
 sshd_use_strong_ciphers as sshd already does PFS

---
 manifests/init.pp                        | 4 ++--
 templates/sshd_config/Debian_lenny.erb   | 2 +-
 templates/sshd_config/Debian_squeeze.erb | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index b4e4788..bfefaab 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -95,8 +95,8 @@ class sshd {
   case $sshd_shared_ip {
     '': { $sshd_shared_ip = "no" }
   }
-  case $sshd_perfect_forward_secrecy {
-    '': { $sshd_perfect_forward_secrecy = "no" }
+  case $sshd_use_strong_ciphers {
+    '': { $sshd_use_strong_ciphers = "no" }
   }
 
   include sshd::client 
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index ea04fe6..e85eab3 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -189,7 +189,7 @@ PrintMotd no
 <%= sshd_tail_additional_options %>
 <%- end %>
 
-<%- if sshd_perfect_forward_secrecy.to_s == 'yes' then -%>
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <%- end %>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index 09f4351..38f8657 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -203,7 +203,7 @@ AllowGroups <%= sshd_allowed_groups %>
 <%= sshd_tail_additional_options %>
 <%- end %>
 
-<%- if sshd_perfect_forward_secrecy.to_s == 'yes' then -%>
+<%- if sshd_use_strong_ciphers.to_s == 'yes' then -%>
 Ciphers aes256-ctr
 MACs hmac-sha1
 <%- end %>
-- 
cgit v1.2.3