Browse Source

Resynchronize Debian sid template with the configuration file currently shipped by the package.

intrigeri 9 years ago
parent
commit
75117dd042
1 changed files with 7 additions and 8 deletions
  1. 7 8
      templates/sshd_config/Debian_sid.erb

+ 7 - 8
templates/sshd_config/Debian_sid.erb

@@ -1,7 +1,7 @@
 # This file is managed by Puppet, all local modifications will be overwritten
 #
 # Package generated configuration file
-# See the sshd(8) manpage for details
+# See the sshd_config(5) manpage for details
 
 <% unless (s=scope.lookupvar('sshd::head_additional_options')).empty? -%>
 <%= s %>
@@ -24,27 +24,26 @@ Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
-ServerKeyBits 768
+ServerKeyBits 1024
 
 # Logging
 SyslogFacility AUTH
 LogLevel INFO
 
 # Authentication:
-LoginGraceTime 600
+LoginGraceTime 120
 PermitRootLogin <%= scope.lookupvar('sshd::permit_root_login') %>
-
 StrictModes <%= scope.lookupvar('sshd::strict_modes') %>
 
 RSAAuthentication <%= scope.lookupvar('sshd::rsa_authentication') %>
-
 PubkeyAuthentication <%= scope.lookupvar('sshd::pubkey_authentication') %>
-
 AuthorizedKeysFile <%= scope.lookupvar('sshd::authorized_keys_file') %>
 
 # Don't read the user's ~/.rhosts and ~/.shosts files
@@ -63,11 +62,12 @@ PermitEmptyPasswords <%= scope.lookupvar('sshd::permit_empty_passwords') %>
 # some PAM modules and threads)
 ChallengeResponseAuthentication <%= scope.lookupvar('sshd::challenge_response_authentication') %>
 
-# To disable tunneled clear text passwords, change to no here!
+# Change to no to disable tunnelled clear text passwords
 PasswordAuthentication <%= scope.lookupvar('sshd::password_authentication') %>
 
 # Kerberos options
 KerberosAuthentication <%= scope.lookupvar('sshd::kerberos_authentication') %>
+#KerberosGetAFSToken no
 KerberosOrLocalPasswd <%= scope.lookupvar('sshd::kerberos_orlocalpasswd') %>
 KerberosTicketCleanup <%= scope.lookupvar('sshd::kerberos_ticketcleanup') %>
 
@@ -80,7 +80,6 @@ X11DisplayOffset 10
 PrintMotd <%= scope.lookupvar('sshd::print_motd') %>
 PrintLastLog yes
 TCPKeepAlive yes
-
 #UseLogin no
 
 #MaxStartups 10:30:60