projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
firefox considers style in .svg things "unsafe-inline" settings, so we need a differe...
[mirror/dsa-puppet.git]
/
modules
/
ssh
/
templates
/
sshd_config.erb
diff --git
a/modules/ssh/templates/sshd_config.erb
b/modules/ssh/templates/sshd_config.erb
index
b2d563b
..
6330a27
100644
(file)
--- a/
modules/ssh/templates/sshd_config.erb
+++ b/
modules/ssh/templates/sshd_config.erb
@@
-9,7
+9,6
@@
# What ports, IPs and protocols we listen for
Port 22
<%= extraports = case fqdn
# What ports, IPs and protocols we listen for
Port 22
<%= extraports = case fqdn
- when "ravel.debian.org" then "Port 443"
when "paradis.debian.org" then "
ListenAddress 0.0.0.0:22
ListenAddress [::]:22
when "paradis.debian.org" then "
ListenAddress 0.0.0.0:22
ListenAddress [::]:22
@@
-25,6
+24,9
@@
extraports
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
+<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && has_etc_ssh_ssh_host_ed25519_key == "true" -%>
+HostKey /etc/ssh/ssh_host_ed25519_key
+<% end %>
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
@@
-86,10
+88,7
@@
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
-<% if %w{squeeze}.include?(scope.lookupvar('::lsbdistcodename')) %>
-AuthorizedKeysFile /etc/ssh/userkeys/%u
-AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
-<% else %>
+
AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
AuthorizedKeysFile /etc/ssh/userkeys/%u /var/lib/misc/userkeys/%u /etc/ssh/userkeys/%u.more
-<% end %>
+
PasswordAuthentication no
PasswordAuthentication no