upstream capability, fix new lines

- added new upstream options
- don't put new lines for control statements

diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index 1e060cb4784887cc21009bd7b9e407aa2a0f0e42..fcaf4d67d26f59b407996f4d5c9acdb031af94aa 100644 (file)
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -10,19 +10,20 @@
 # possible, but leave them commented.  Uncommented options change a
 # default value.
 
-<%- unless sshd_port.to_s.empty? then %>
+<%- unless sshd_port.to_s.empty? then -%>
 Port <%= sshd_port %>
-<%- else %>
-Port 22
-<%- end %>
+<%- else -%>
+#Port 22
+<%- end -%>
 
+#Protocol 2,1
+Protocol 2
+#AddressFamily any
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
 ListenAddress <%= address %>
 <% end -%>
-#AddressFamily any
-#Protocol 2,1
-Protocol 2
+
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
@@ -42,49 +43,49 @@ SyslogFacility AUTHPRIV
 # Authentication:
 
 #LoginGraceTime 2m
-<%- unless sshd_permit_root_login.to_s.empty? then %>
+<%- unless sshd_permit_root_login.to_s.empty? then -%>
 PermitRootLogin <%= sshd_permit_root_login %>
-<%- else %>
+<%- else -%>
 PermitRootLogin without-password
-<%- end %>
+<%- end -%>
 
-<%- if sshd_strict_modes.to_s == 'yes' then %>
+<%- if sshd_strict_modes.to_s == 'yes' then -%>
 StrictModes yes
-<%- else %>
+<%- else -%>
 StrictModes no
-<%- end %>
+<%- end -%>
 
 #MaxAuthTries 6
 
-<%- if sshd_rsa_authentication.to_s == 'yes' then %>
+<%- if sshd_rsa_authentication.to_s == 'yes' then -%>
 RSAAuthentication yes
-<%- else %>
+<%- else -%>
 RSAAuthentication no
-<%- end %>
+<%- end -%>
 
-<%- if sshd_pubkey_authentication.to_s == 'yes' then %>
+<%- if sshd_pubkey_authentication.to_s == 'yes' then -%>
 PubkeyAuthentication yes
-<%- else %>
+<%- else -%>
 PubkeyAuthentication no
-<%- end %>
+<%- end -%>
 
-<%- unless sshd_authorized_keys_file.to_s.empty? then %>
+<%- unless sshd_authorized_keys_file.to_s.empty? then -%>
 AuthorizedKeysFile <%= sshd_authorized_keys_file %>
-<%- else %>
+<%- else -%>
 AuthorizedKeysFile %h/.ssh/authorized_keys
-<%- end %>
+<%- end -%>
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-<%- if sshd_rhosts_rsa_authentication.to_s == 'yes' then %>
+<%- if sshd_rhosts_rsa_authentication.to_s == 'yes' then -%>
 RhostsRSAAuthentication yes
-<%- else %>
+<%- else -%>
 RhostsRSAAuthentication no
 <% end -%>
 
 # similar for protocol version 2
-<%- if sshd_hostbased_authentication.to_s == 'yes' then %>
+<%- if sshd_hostbased_authentication.to_s == 'yes' then -%>
 HostbasedAuthentication yes
-<%- else %>
+<%- else -%>
 HostbasedAuthentication no
 <% end -%>
 
@@ -93,32 +94,32 @@ HostbasedAuthentication no
 #IgnoreUserKnownHosts no
 
 # Don't read the user's ~/.rhosts and ~/.shosts files
-<%- if sshd_ignore_rhosts.to_s == 'yes' then %>
+<%- if sshd_ignore_rhosts.to_s == 'yes' then -%>
 IgnoreRhosts yes
-<%- else %>
+<%- else -%>
 IgnoreRhosts no
 <% end -%>
 
 # To disable tunneled clear text passwords, change to no here!
-<%- if sshd_password_authentication.to_s == 'yes' then %>
+<%- if sshd_password_authentication.to_s == 'yes' then -%>
 PasswordAuthentication yes
-<%- else %>
+<%- else -%>
 PasswordAuthentication no
-<%- end %>
+<%- end -%>
 
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
-<%- if sshd_permit_empty_passwords.to_s == 'yes' then %>
+<%- if sshd_permit_empty_passwords.to_s == 'yes' then -%>
 PermitEmptyPasswords yes
 <% else -%>
 PermitEmptyPasswords no
 <% end -%>
 
 # Change to no to disable s/key passwords
-<%- if sshd_challenge_response_authentication.to_s == 'yes' then %>
+<%- if sshd_challenge_response_authentication.to_s == 'yes' then -%>
 ChallengeResponseAuthentication yes
-<%- else %>
+<%- else -%>
 ChallengeResponseAuthentication no
-<%- end %>
+<%- end -%>
 
 # Kerberos options
 #KerberosAuthentication no
@@ -139,30 +140,30 @@ ChallengeResponseAuthentication no
 # session checks to run without PAM authentication, then enable this but set 
 # ChallengeResponseAuthentication=no
 #UsePAM no
-<%- if sshd_use_pam.to_s == 'yes' then %>
+<%- if sshd_use_pam.to_s == 'yes' then -%>
 UsePAM yes
-<%- else %>
+<%- else -%>
 UsePAM no
-<%- end %>
+<%- end -%>
 
 # Accept locale-related environment variables
 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
 AcceptEnv LC_IDENTIFICATION LC_ALL
 
-<%- if sshd_tcp_forwarding.to_s == 'yes' then %>
+<%- if sshd_tcp_forwarding.to_s == 'yes' then -%>
 AllowTcpForwarding yes
-<%- else %>
+<%- else -%>
 AllowTcpForwarding no
-<%- end %>
+<%- end -%>
 
 #GatewayPorts no
 #X11Forwarding no
-<%- if sshd_x11_forwarding.to_s == 'yes' then %>
+<%- if sshd_x11_forwarding.to_s == 'yes' then -%>
 X11Forwarding yes
-<%- else %>
+<%- else -%>
 X11Forwarding no
-<%- end %>
+<%- end -%>
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PrintMotd yes
@@ -179,26 +180,27 @@ X11Forwarding no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
 #PermitTunnel no
+#ChrootDirectory none
 
 # no default banner path
 #Banner /some/path
 
 # override default of no subsystems
-<%- if sshd_sftp_subsystem.to_s.empty? then %>
+<%- if sshd_sftp_subsystem.to_s.empty? then -%>
 Subsystem      sftp    /usr/libexec/openssh/sftp-server
-<%- else %>
+<%- else -%>
 Subsystem      sftp    <%= sshd_sftp_subsystem %>
-<%- end %>
+<%- end -%>
 
-<%- unless sshd_allowed_users.to_s.empty? then %>
+<%- unless sshd_allowed_users.to_s.empty? then -%>
 AllowUsers <%= sshd_allowed_users %>
-<%- end %>
-<%- unless sshd_allowed_groups.to_s.empty? then %>
+<%- end -%>
+<%- unless sshd_allowed_groups.to_s.empty? then -%>
 AllowGroups <%= sshd_allowed_groups %>
-<%- end %>
+<%- end -%>
 
 
-<%- unless sshd_additional_options.to_s.empty? then %>
+<%- unless sshd_additional_options.to_s.empty? then -%>
 <%= sshd_additional_options %>
-<%- end %>
+<%- end -%>