bumps sshd_config templates

idiv-biodiversity · Jan 17, 2024 · 5615687 · 5615687
1 parent ea130c6
commit 5615687
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 30 deletions.
diff --git a/templates/sshd_config_redhat_8.conf b/templates/sshd_config_redhat_8.conf
@@ -25,7 +25,6 @@ HostKey {{ key }}
 {% endfor %}
 {% else %}
 HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 {% endif %}
@@ -67,7 +66,7 @@ LogLevel {{ ssh_log_level }}
 {% if ssh_permit_root_login is defined %}
 PermitRootLogin {{ ssh_permit_root_login }}
 {% else %}
-#PermitRootLogin yes
+PermitRootLogin yes
 {% endif %}
 {% if ssh_strict_modes is defined %}
 StrictModes {{ ssh_strict_modes | ternary('yes', 'no') }}
@@ -104,16 +103,17 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-{% if ssh_password_authentication is defined %}
-PasswordAuthentication {{ ssh_password_authentication | ternary('yes', 'no') }}
-{% else %}
-PasswordAuthentication yes
-{% endif %}
+#PasswordAuthentication yes
 {% if ssh_permit_empty_password is defined %}
 PermitEmptyPasswords {{ ssh_permit_empty_password | ternary('yes', 'no') }}
 {% else %}
 #PermitEmptyPasswords no
 {% endif %}
+{% if ssh_password_authentication is defined %}
+PasswordAuthentication {{ ssh_password_authentication | ternary('yes', 'no') }}
+{% else %}
+PasswordAuthentication yes
+{% endif %}
 
 # Change to no to disable s/key passwords
 {% if ssh_challenge_response_authentication is defined %}
@@ -154,7 +154,7 @@ GSSAPICleanupCredentials no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
+# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
 # problems.
 UsePAM yes
 

diff --git a/templates/sshd_config_redhat_9.conf b/templates/sshd_config_redhat_9.conf
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -46,7 +46,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile      .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
 
 #AuthorizedPrincipalsFile none
 
@@ -120,11 +120,11 @@ AuthorizedKeysFile      .ssh/authorized_keys
 #Banner none
 
 # override default of no subsystems
-Subsystem       sftp    /usr/libexec/openssh/sftp-server
+Subsystem	sftp	/usr/libexec/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-#       X11Forwarding no
-#       AllowTcpForwarding no
-#       PermitTTY no
-#       ForceCommand cvs server
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
diff --git a/templates/sshd_config_ubuntu_18.conf b/templates/sshd_config_ubuntu_18.conf
@@ -190,7 +190,6 @@ AcceptEnv {{ env }}
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 {% endif %}
-
 {% if ssh_subsystems is defined %}
 {% if ssh_subsystems | length %}
 
@@ -201,7 +200,7 @@ Subsystem	{{ subsystem.name }}	{{ subsystem.command }}
 {% else %}
 
 # override default of no subsystems
-Subsystem	sftp	/usr/lib/ssh/sftp-server
+Subsystem	sftp	/usr/lib/openssh/sftp-server
 {% endif %}
 {% if ssh_users is defined %}
 {% if ssh_users %}

diff --git a/templates/sshd_config_ubuntu_20.conf b/templates/sshd_config_ubuntu_20.conf
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -39,7 +39,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 #PubkeyAuthentication yes
 
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
 
 #AuthorizedPrincipalsFile none
 
@@ -113,11 +113,11 @@ PrintMotd no
 AcceptEnv LANG LC_*
 
 # override default of no subsystems
-Subsystem       sftp    /usr/lib/openssh/sftp-server
+Subsystem	sftp	/usr/lib/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-#       X11Forwarding no
-#       AllowTcpForwarding no
-#       PermitTTY no
-#       ForceCommand cvs server
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
diff --git a/templates/sshd_config_ubuntu_22.conf b/templates/sshd_config_ubuntu_22.conf
@@ -1,3 +1,4 @@
+
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 
@@ -37,7 +38,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 #PubkeyAuthentication yes
 
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
 
 #AuthorizedPrincipalsFile none
 
@@ -111,11 +112,11 @@ PrintMotd no
 AcceptEnv LANG LC_*
 
 # override default of no subsystems
-Subsystem       sftp    /usr/lib/openssh/sftp-server
+Subsystem	sftp	/usr/lib/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-#       X11Forwarding no
-#       AllowTcpForwarding no
-#       PermitTTY no
-#       ForceCommand cvs server
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server