From 12610cf4b91d2cedd7b83eecca62d8e46d114c57 Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Mon, 13 Apr 2026 13:09:26 +0200
Subject: [PATCH] OP#575 add more params

---
 manifests/params.pp            |  9 +++++++++
 templates/sshd_custom_conf.erb | 17 +++++++++++------
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 9b29811..60bc548 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -27,6 +27,12 @@
 # @param [Boolean] ssh_use_specific_hostkey whether to use a specific host key
 # @param [String] ssh_hostkey_type type of host key to use if 
 #   ssh_use_specific_hostkey is true
+# @param [String] ssh_rekeylimit RekeyLimit setting for sshd_config. 
+#   Default is 'default none'.
+# @param [String] ssh_syslog_facility SyslogFacility setting for sshd_config.
+#   Default is 'AUTH'.
+# @param [String] ssh_log_level LogLevel setting for sshd_config.
+#   Default is 'INFO'.
 ##############################################################################
 class confdroid_ssh::params (
 
@@ -54,6 +60,9 @@ class confdroid_ssh::params (
   String  $ssh_authorized_keys_command_user = 'nobody',
   Boolean $ssh_use_specific_hostkey         = false,
   String  $ssh_hostkey_type                 = 'rsa',
+  String  $ssh_rekeylimit                   = 'default none',
+  String  $ssh_syslog_facility              = 'AUTH',
+  String  $ssh_log_level                    = 'INFO'
 
 ) {
 # default facts
diff --git a/templates/sshd_custom_conf.erb b/templates/sshd_custom_conf.erb
index 60c43bf..6531490 100644
--- a/templates/sshd_custom_conf.erb
+++ b/templates/sshd_custom_conf.erb
@@ -9,11 +9,6 @@ Port <%= @ssh_fw_port %>
 AddressFamily <%= @ssh_address_family %>
 ListenAddress <%= @ssh_listen_address %> 
 
-PermitRootLogin <%= @ssh_root_login %>
-StrictModes <%= @ssh_strict_modes %>
-MaxAuthTries <%= @ssh_max_auth_tries %>
-MaxSessions <%= @ssh_max_sessions %>
-
 PubkeyAuthentication <%= @ssh_pubkey_auth %>
 AuthorizedKeysFile	<%= @ssh_auth_key_files %>
 
@@ -23,4 +18,14 @@ AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
 
 <% if @ssh_use_specific_hostkey -%>
 HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
-<% end -%>
\ No newline at end of file
+<% end -%>
+
+RekeyLimit <%= @ssh_rekeylimit %>
+
+SyslogFacility <%= @ssh_syslog_facility %>
+LogLevel <%= @ssh_log_level %>
+
+PermitRootLogin <%= @ssh_root_login %>
+StrictModes <%= @ssh_strict_modes %>
+MaxAuthTries <%= @ssh_max_auth_tries %>
+MaxSessions <%= @ssh_max_sessions %>
\ No newline at end of file