templates/sshd_custom_conf.erb

###############################################################################    
##### DO NOT EDIT THIS FILE MANUALLY                                          #
##### This file is managed by Puppet. Any changes to this file will be        #
##### overwritten. The file is built via parameters, so any changes should    #
##### be made in the Puppet manifest parameters.                              #
###############################################################################

#Port <%= @ssh_fw_port %>
#AddressFamily <%= @ssh_address_family %>
#ListenAddress <%= @ssh_listen_address %> 
<% if @ssh_use_specific_hostkey -%>
#HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
<% end -%>
#RekeyLimit <%= @ssh_rekeylimit %>

#SyslogFacility <%= @ssh_syslog_facility %>
#LogLevel <%= @ssh_log_level %>

#LoginGraceTime <%= @ssh_login_grace_time %>
#PermitRootLogin <%= @ssh_root_login %>
#StrictModes <%= @ssh_strict_modes %>
#MaxAuthTries <%= @ssh_max_auth_tries %>
#MaxSessions <%= @ssh_max_sessions %>

#PubkeyAuthentication <%= @ssh_pubkey_auth %>
#AuthorizedKeysFile	<%= @ssh_auth_key_files %>

#AuthorizedPrincipalsFile <%= @ssh_authorized_principals_file %>
#AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>
#AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>

#PasswordAuthentication <%= @ssh_password_authentication %>
#PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
#KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>
#UsePAM <%= @ssh_use_pam %>

<% if @ssh_use_kerberos -%>
KerberosAuthentication <%= @ssh_kerberos_authentication %>
KerberosOrLocalPasswd <%= @ssh_kerberos_or_local_passwd %>
KerberosTicketCleanup <%= @ssh_kerberos_ticket_cleanup %>
KerberosGetAFSToken <%= @ssh_kerberos_get_afstoken %>
KerberosUseKuserok <%= @ssh_kerberos_use_kuserok %>
<% end -%>

<% if @ssh_use_gssapi -%>
GSSAPIAuthentication <%= @ssh_gssapi_authentication %>
GSSAPICleanupCredentials <%= @ssh_gssapi_cleanup_credentials %>
GSSAPIKeyExchange <%= @ssh_gssapi_key_exchange %>
GSSAPIEnablek5users <%= @ssh_gssapi_enablek5users %>
<% end -%>

#AllowAgentForwarding <%= @ssh_allow_agent_forwarding %>
#AllowTcpForwarding <%= @ssh_allow_tcp_forwarding %>
#GatewayPorts <%= @ssh_gateway_ports %>
#X11Forwarding <%= @ssh_x11_forwarding %>
#X11DisplayOffset <%= @ssh_x11_display_offset %>
#X11UseLocalhost <%= @ssh_x11_use_localhost %>
#PermitTTY <%= @ssh_permit_tty %>
#PrintMotd <%= @ssh_print_motd %>
#PrintLastLog <%= @ssh_print_lastlog %>
#TCPKeepAlive <%= @ssh_tcp_keepalive %>
#PermitUserEnvironment <%= @ssh_permit_user_environment %>
#Compression <%= @ssh_compression %>
#ClientAliveInterval <%= @ssh_client_alive_interval %>
#ClientAliveCountMax <%= @ssh_client_alive_count_max %>
#UseDNS <%= @ssh_use_dns %>
#PidFile <%= @ssh_pid_file %>
#MaxStartups <%= @ssh_max_startups %>
#PermitTunnel <%= @ssh_permit_tunnel %>
#ChrootDirectory <%= @ssh_chroot_directory %>
#VersionAddendum <%= @ssh_version_addendum %>

#Banner <%= @ssh_banner %>
OP#561 add custom conf dir 2026-04-05 15:35:39 +02:00			`###############################################################################`
			`##### DO NOT EDIT THIS FILE MANUALLY #`
			`##### This file is managed by Puppet. Any changes to this file will be #`
			`##### overwritten. The file is built via parameters, so any changes should #`
			`##### be made in the Puppet manifest parameters. #`
			`###############################################################################`

OP#575 fix params 2026-04-14 12:11:11 +02:00			`#Port <%= @ssh_fw_port %>`
			`#AddressFamily <%= @ssh_address_family %>`
			`#ListenAddress <%= @ssh_listen_address %>`
OP#575 add host key selection 2026-04-13 12:56:43 +02:00			`<% if @ssh_use_specific_hostkey -%>`
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key`
OP#575 add more params 2026-04-13 13:09:26 +02:00			`<% end -%>`
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#RekeyLimit <%= @ssh_rekeylimit %>`
OP#575 add more params 2026-04-13 13:09:26 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#SyslogFacility <%= @ssh_syslog_facility %>`
			`#LogLevel <%= @ssh_log_level %>`
OP#575 add more params 2026-04-13 13:09:26 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#LoginGraceTime <%= @ssh_login_grace_time %>`
			`#PermitRootLogin <%= @ssh_root_login %>`
			`#StrictModes <%= @ssh_strict_modes %>`
			`#MaxAuthTries <%= @ssh_max_auth_tries %>`
			`#MaxSessions <%= @ssh_max_sessions %>`
OP#575 fix ordering 2026-04-13 13:51:03 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#PubkeyAuthentication <%= @ssh_pubkey_auth %>`
			`#AuthorizedKeysFile <%= @ssh_auth_key_files %>`
OP#575 fix ordering 2026-04-13 13:51:03 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#AuthorizedPrincipalsFile <%= @ssh_authorized_principals_file %>`
			`#AuthorizedKeysCommand <%= @ssh_authorized_keys_command %>`
			`#AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>`
OP#575 fix ordering 2026-04-13 14:01:47 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#PasswordAuthentication <%= @ssh_password_authentication %>`
			`#PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>`
			`#KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>`
			`#UsePAM <%= @ssh_use_pam %>`
OP#575 finish password section 2026-04-13 14:20:06 +02:00
OP#575 add kerberis and gssapi sections 2026-04-13 14:53:58 +02:00			`<% if @ssh_use_kerberos -%>`
			`KerberosAuthentication <%= @ssh_kerberos_authentication %>`
			`KerberosOrLocalPasswd <%= @ssh_kerberos_or_local_passwd %>`
			`KerberosTicketCleanup <%= @ssh_kerberos_ticket_cleanup %>`
			`KerberosGetAFSToken <%= @ssh_kerberos_get_afstoken %>`
			`KerberosUseKuserok <%= @ssh_kerberos_use_kuserok %>`
			`<% end -%>`

			`<% if @ssh_use_gssapi -%>`
			`GSSAPIAuthentication <%= @ssh_gssapi_authentication %>`
			`GSSAPICleanupCredentials <%= @ssh_gssapi_cleanup_credentials %>`
			`GSSAPIKeyExchange <%= @ssh_gssapi_key_exchange %>`
			`GSSAPIEnablek5users <%= @ssh_gssapi_enablek5users %>`
			`<% end -%>`
OP#575 add more params 2026-04-13 15:51:49 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#AllowAgentForwarding <%= @ssh_allow_agent_forwarding %>`
			`#AllowTcpForwarding <%= @ssh_allow_tcp_forwarding %>`
			`#GatewayPorts <%= @ssh_gateway_ports %>`
			`#X11Forwarding <%= @ssh_x11_forwarding %>`
			`#X11DisplayOffset <%= @ssh_x11_display_offset %>`
			`#X11UseLocalhost <%= @ssh_x11_use_localhost %>`
			`#PermitTTY <%= @ssh_permit_tty %>`
			`#PrintMotd <%= @ssh_print_motd %>`
			`#PrintLastLog <%= @ssh_print_lastlog %>`
			`#TCPKeepAlive <%= @ssh_tcp_keepalive %>`
			`#PermitUserEnvironment <%= @ssh_permit_user_environment %>`
			`#Compression <%= @ssh_compression %>`
			`#ClientAliveInterval <%= @ssh_client_alive_interval %>`
			`#ClientAliveCountMax <%= @ssh_client_alive_count_max %>`
			`#UseDNS <%= @ssh_use_dns %>`
			`#PidFile <%= @ssh_pid_file %>`
			`#MaxStartups <%= @ssh_max_startups %>`
			`#PermitTunnel <%= @ssh_permit_tunnel %>`
			`#ChrootDirectory <%= @ssh_chroot_directory %>`
			`#VersionAddendum <%= @ssh_version_addendum %>`
OP#575 finish sshd config file 2026-04-13 16:38:07 +02:00
OP#575 fix params 2026-04-14 12:11:11 +02:00			`#Banner <%= @ssh_banner %>`