From 12610cf4b91d2cedd7b83eecca62d8e46d114c57 Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Mon, 13 Apr 2026 13:09:26 +0200
Subject: [PATCH 1/2] OP#575 add more params

---
 manifests/params.pp            |  9 +++++++++
 templates/sshd_custom_conf.erb | 17 +++++++++++------
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 9b29811..60bc548 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -27,6 +27,12 @@
 # @param [Boolean] ssh_use_specific_hostkey whether to use a specific host key
 # @param [String] ssh_hostkey_type type of host key to use if 
 #   ssh_use_specific_hostkey is true
+# @param [String] ssh_rekeylimit RekeyLimit setting for sshd_config. 
+#   Default is 'default none'.
+# @param [String] ssh_syslog_facility SyslogFacility setting for sshd_config.
+#   Default is 'AUTH'.
+# @param [String] ssh_log_level LogLevel setting for sshd_config.
+#   Default is 'INFO'.
 ##############################################################################
 class confdroid_ssh::params (
 
@@ -54,6 +60,9 @@ class confdroid_ssh::params (
   String  $ssh_authorized_keys_command_user = 'nobody',
   Boolean $ssh_use_specific_hostkey         = false,
   String  $ssh_hostkey_type                 = 'rsa',
+  String  $ssh_rekeylimit                   = 'default none',
+  String  $ssh_syslog_facility              = 'AUTH',
+  String  $ssh_log_level                    = 'INFO'
 
 ) {
 # default facts
diff --git a/templates/sshd_custom_conf.erb b/templates/sshd_custom_conf.erb
index 60c43bf..6531490 100644
--- a/templates/sshd_custom_conf.erb
+++ b/templates/sshd_custom_conf.erb
@@ -9,11 +9,6 @@ Port <%= @ssh_fw_port %>
 AddressFamily <%= @ssh_address_family %>
 ListenAddress <%= @ssh_listen_address %> 
 
-PermitRootLogin <%= @ssh_root_login %>
-StrictModes <%= @ssh_strict_modes %>
-MaxAuthTries <%= @ssh_max_auth_tries %>
-MaxSessions <%= @ssh_max_sessions %>
-
 PubkeyAuthentication <%= @ssh_pubkey_auth %>
 AuthorizedKeysFile	<%= @ssh_auth_key_files %>
 
@@ -23,4 +18,14 @@ AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
 
 <% if @ssh_use_specific_hostkey -%>
 HostKey /etc/ssh/ssh_host_<%= @ssh_hostkey_type %>_key
-<% end -%>
\ No newline at end of file
+<% end -%>
+
+RekeyLimit <%= @ssh_rekeylimit %>
+
+SyslogFacility <%= @ssh_syslog_facility %>
+LogLevel <%= @ssh_log_level %>
+
+PermitRootLogin <%= @ssh_root_login %>
+StrictModes <%= @ssh_strict_modes %>
+MaxAuthTries <%= @ssh_max_auth_tries %>
+MaxSessions <%= @ssh_max_sessions %>
\ No newline at end of file

From fca3e37b09057ff6d4da5ac738865b071e1c6501 Mon Sep 17 00:00:00 2001
From: Jenkins Server <jenkins@confdroid.com>
Date: Mon, 13 Apr 2026 13:10:40 +0200
Subject: [PATCH 2/2] Recommit for updates in build 18

---
 .../confdroid_ssh_3A_3Aparams.html            | 76 +++++++++++++++++--
 1 file changed, 68 insertions(+), 8 deletions(-)

diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
index ea0d346..968712a 100644
--- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
@@ -466,6 +466,60 @@
         &mdash;
         <div class='inline'>
 <p>type of host key to use if ssh_use_specific_hostkey is true</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ssh_rekeylimit</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;default none&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>RekeyLimit setting for sshd_config. Default is ‘default none’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ssh_syslog_facility</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;AUTH&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>SyslogFacility setting for sshd_config. Default is ‘AUTH’.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>ssh_log_level</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;INFO&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>LogLevel setting for sshd_config. Default is ‘INFO’.</p>
 </div>
       
     </li>
@@ -481,12 +535,6 @@
         <pre class="lines">
 
 
-31
-32
-33
-34
-35
-36
 37
 38
 39
@@ -528,10 +576,19 @@
 75
 76
 77
-78</pre>
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 31</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 37</span>
 
 class confdroid_ssh::params (
 
@@ -559,6 +616,9 @@ class confdroid_ssh::params (
   String  $ssh_authorized_keys_command_user = &#39;nobody&#39;,
   Boolean $ssh_use_specific_hostkey         = false,
   String  $ssh_hostkey_type                 = &#39;rsa&#39;,
+  String  $ssh_rekeylimit                   = &#39;default none&#39;,
+  String  $ssh_syslog_facility              = &#39;AUTH&#39;,
+  String  $ssh_log_level                    = &#39;INFO&#39;
 
 ) {
 # default facts