diff --git a/templates/sshd_config_redhat_8.conf b/templates/sshd_config_redhat_8.conf
index 40639f3..228d67a 100644
--- a/templates/sshd_config_redhat_8.conf
+++ b/templates/sshd_config_redhat_8.conf
@@ -25,7 +25,6 @@ HostKey {{ key }}
 {% endfor %}
 {% else %}
 HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 {% endif %}
@@ -67,7 +66,7 @@ LogLevel {{ ssh_log_level }}
 {% if ssh_permit_root_login is defined %}
 PermitRootLogin {{ ssh_permit_root_login }}
 {% else %}
-#PermitRootLogin yes
+PermitRootLogin yes
 {% endif %}
 {% if ssh_strict_modes is defined %}
 StrictModes {{ ssh_strict_modes | ternary('yes', 'no') }}
@@ -104,16 +103,17 @@ AuthorizedKeysFile .ssh/authorized_keys
 #IgnoreRhosts yes
 # To disable tunneled clear text passwords, change to no here!
-{% if ssh_password_authentication is defined %}
-PasswordAuthentication {{ ssh_password_authentication | ternary('yes', 'no') }}
-{% else %}
-PasswordAuthentication yes
-{% endif %}
+#PasswordAuthentication yes
 {% if ssh_permit_empty_password is defined %}
 PermitEmptyPasswords {{ ssh_permit_empty_password | ternary('yes', 'no') }}
 {% else %}
 #PermitEmptyPasswords no
 {% endif %}
+{% if ssh_password_authentication is defined %}
+PasswordAuthentication {{ ssh_password_authentication | ternary('yes', 'no') }}
+{% else %}
+PasswordAuthentication yes
+{% endif %}
 # Change to no to disable s/key passwords
 {% if ssh_challenge_response_authentication is defined %}
@@ -154,7 +154,7 @@ GSSAPICleanupCredentials no
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
+# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
 # problems.
 UsePAM yes
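Review bot: In the `@@ -67,7 +66,7 @@` hunk the fallback branch now emits an active `PermitRootLogin yes` whenever `ssh_permit_root_login` is undefined, and the same template falls back to `PasswordAuthentication yes`, so a host deployed with no role variables accepts root logins by password. With the line commented out sshd used its built-in default, which in upstream OpenSSH is `prohibit-password`, so this looks like a loosening rather than a cosmetic change. sshd keeps the first value it reads for a keyword, so the active line also wins over any later setting. Consider `PermitRootLogin prohibit-password` as the fallback, with a comment such as `# set ssh_permit_root_login explicitly to allow root password login`.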
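Review bot: In the `@@ -104,16 +103,17 @@` hunk the re-added `PasswordAuthentication {{ ssh_password_authentication | ternary('yes', 'no') }}` tests the variable's truthiness without casting it, so a string value such as `"no"` (for example from `-e ssh_password_authentication=no`, where extra vars arrive as strings) is truthy and renders `PasswordAuthentication yes`. Cast first: `{{ ssh_password_authentication | bool | ternary('yes', 'no') }}`; the `PermitEmptyPasswords` and `StrictModes` lines visible as context use the same uncast pattern. The new `#PasswordAuthentication yes` comment sits several lines above the active directive and can read as if the setting were left at its default; I would drop it or move it directly above the `{% if %}` block.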
diff --git a/templates/sshd_config_redhat_9.conf b/templates/sshd_config_redhat_9.conf
index 07efd26..6240f99 100644
--- a/templates/sshd_config_redhat_9.conf
+++ b/templates/sshd_config_redhat_9.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
+# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -46,7 +46,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedPrincipalsFile none
@@ -120,11 +120,11 @@ AuthorizedKeysFile .ssh/authorized_keys
 #Banner none
 # override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
+Subsystem sftp /usr/libexec/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/templates/sshd_config_ubuntu_18.conf b/templates/sshd_config_ubuntu_18.conf
index e98b1ac..b618ab5 100644
--- a/templates/sshd_config_ubuntu_18.conf
+++ b/templates/sshd_config_ubuntu_18.conf
@@ -190,7 +190,6 @@ AcceptEnv {{ env }}
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 {% endif %}
-
 {% if ssh_subsystems is defined %}
 {% if ssh_subsystems | length %}
@@ -201,7 +200,7 @@ Subsystem {{ subsystem.name }} {{ subsystem.command }}
 {% else %}
 # override default of no subsystems
-Subsystem sftp /usr/lib/ssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
 {% endif %}
 {% if ssh_users is defined %}
 {% if ssh_users %}
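Review bot: The corrected fallback in the `@@ -201,7 +200,7 @@` hunk of `sshd_config_ubuntu_18.conf` still hard-codes a distro-specific helper path, `/usr/lib/openssh/sftp-server`, and nothing visible here checks that the binary exists, which is presumably how the previous `/usr/lib/ssh/sftp-server` went unnoticed. As far as I know `sshd -t` checks syntax but not whether a Subsystem command is present, so a validate step on the template task would not catch a wrong path either. Consider `Subsystem sftp internal-sftp` for the fallback, which needs no external binary, or add a comment above the line naming the package expected to provide the path.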
diff --git a/templates/sshd_config_ubuntu_20.conf b/templates/sshd_config_ubuntu_20.conf
index 6a85e7a..dc0db57 100644
--- a/templates/sshd_config_ubuntu_20.conf
+++ b/templates/sshd_config_ubuntu_20.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -39,7 +39,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 #PubkeyAuthentication yes
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
 #AuthorizedPrincipalsFile none
@@ -113,11 +113,11 @@ PrintMotd no
 AcceptEnv LANG LC_*
 # override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/templates/sshd_config_ubuntu_22.conf b/templates/sshd_config_ubuntu_22.conf
index 30c612a..edacf09 100644
--- a/templates/sshd_config_ubuntu_22.conf
+++ b/templates/sshd_config_ubuntu_22.conf
@@ -1,3 +1,4 @@
+
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -37,7 +38,7 @@ Include /etc/ssh/sshd_config.d/*.conf
 #PubkeyAuthentication yes
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
 #AuthorizedPrincipalsFile none
@@ -111,11 +112,11 @@ PrintMotd no
 AcceptEnv LANG LC_*
 # override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server