diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb index 70bb4bf..d717856 100644 --- a/templates/sshd_config/Debian_sid.erb +++ b/templates/sshd_config/Debian_sid.erb @@ -1,7 +1,7 @@ # This file is managed by Puppet, all local modifications will be overwritten # # Package generated configuration file -# See the sshd(8) manpage for details +# See the sshd_config(5) manpage for details <% unless (s=scope.lookupvar('sshd::head_additional_options')).empty? -%> <%= s %> @@ -24,27 +24,26 @@ Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 -ServerKeyBits 768 +ServerKeyBits 1024 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: -LoginGraceTime 600 +LoginGraceTime 120 PermitRootLogin <%= scope.lookupvar('sshd::permit_root_login') %> - StrictModes <%= scope.lookupvar('sshd::strict_modes') %> RSAAuthentication <%= scope.lookupvar('sshd::rsa_authentication') %> - PubkeyAuthentication <%= scope.lookupvar('sshd::pubkey_authentication') %> - AuthorizedKeysFile <%= scope.lookupvar('sshd::authorized_keys_file') %> # Don't read the user's ~/.rhosts and ~/.shosts files @@ -63,11 +62,12 @@ PermitEmptyPasswords <%= scope.lookupvar('sshd::permit_empty_passwords') %> # some PAM modules and threads) ChallengeResponseAuthentication <%= scope.lookupvar('sshd::challenge_response_authentication') %> -# To disable tunneled clear text passwords, change to no here! +# Change to no to disable tunnelled clear text passwords PasswordAuthentication <%= scope.lookupvar('sshd::password_authentication') %> # Kerberos options KerberosAuthentication <%= scope.lookupvar('sshd::kerberos_authentication') %> +#KerberosGetAFSToken no KerberosOrLocalPasswd <%= scope.lookupvar('sshd::kerberos_orlocalpasswd') %> KerberosTicketCleanup <%= scope.lookupvar('sshd::kerberos_ticketcleanup') %> @@ -80,7 +80,6 @@ X11DisplayOffset 10 PrintMotd <%= scope.lookupvar('sshd::print_motd') %> PrintLastLog yes TCPKeepAlive yes - #UseLogin no #MaxStartups 10:30:60