Resync Debian sid template with the Squeeze's one.

Currently, the only difference is LoginGraceTime, that defaults to 600 in sid.

diff --git a/templates/sshd_config/Debian_sid.erb b/templates/sshd_config/Debian_sid.erb
index 13895b78f8b76896ecd077025c50390b468ce7dd..acb79e3891fdc13aac672d449172a30b3fb39581 100644 (file)
--- a/templates/sshd_config/Debian_sid.erb
+++ b/templates/sshd_config/Debian_sid.erb
@@ -1,19 +1,19 @@
+# This file is managed by Puppet, all local modifications will be overwritten
+#
 # Package generated configuration file
-# See the sshd_config(5) manpage for details
+# See the sshd(8) manpage for details
 
 <%- unless sshd_head_additional_options.to_s.empty? then %>
 <%= sshd_head_additional_options %>
 <%- end %>
 
 # What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
@@ -85,7 +85,6 @@ HostbasedAuthentication yes
 <%- else -%>
 HostbasedAuthentication no
 <% end -%>
-
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 #IgnoreUserKnownHosts yes
 
@@ -104,7 +103,7 @@ ChallengeResponseAuthentication yes
 ChallengeResponseAuthentication no
 <%- end -%>
 
-# Change to no to disable tunnelled clear text passwords
+# To disable tunneled clear text passwords, change to no here!
 <%- if sshd_password_authentication.to_s == 'yes' then -%>
 PasswordAuthentication yes
 <%- else -%>
@@ -112,14 +111,33 @@ PasswordAuthentication no
 <%- end -%>
 
 # Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
+<%- if sshd_kerberos_authentication.to_s == 'yes' then -%>
+KerberosAuthentication yes
+<%- else -%>
+KerberosAuthentication no
+<%- end -%>
+<%- if sshd_kerberos_orlocalpasswd.to_s == 'yes' then -%>
+KerberosOrLocalPasswd yes
+<%- else -%>
+KerberosOrLocalPasswd no
+<%- end -%>
+<%- if sshd_kerberos_ticketcleanup.to_s == 'yes' then -%>
+KerberosTicketCleanup yes
+<%- else -%>
+KerberosTicketCleanup no
+<%- end -%>
 
 # GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
+<%- if sshd_gssapi_authentication.to_s == 'yes' then -%>
+GSSAPIAuthentication yes
+<%- else -%>
+GSSAPIAuthentication no
+<%- end -%>
+<%- if sshd_gssapi_authentication.to_s == 'yes' then -%>
+GSSAPICleanupCredentials yes
+<%- else -%>
+GSSAPICleanupCredentials yes
+<%- end -%>
 
 <%- if sshd_x11_forwarding.to_s == 'yes' then -%>
 X11Forwarding yes
@@ -130,6 +148,7 @@ X11DisplayOffset 10
 PrintMotd no
 PrintLastLog yes
 TCPKeepAlive yes
+
 #UseLogin no
 
 #MaxStartups 10:30:60
@@ -159,7 +178,7 @@ UsePAM yes
 UsePAM no
 <%- end -%>
 
-#HostbasedUsesNameFromPacketOnly yes
+HostbasedUsesNameFromPacketOnly yes
 
 <%- if sshd_tcp_forwarding.to_s == 'yes' then -%>
 AllowTcpForwarding yes
@@ -183,4 +202,3 @@ AllowGroups <%= sshd_allowed_groups %>
 <%- unless sshd_tail_additional_options.to_s.empty? then %>
 <%= sshd_tail_additional_options %>
 <%- end %>
-