Enable ssh_host_ed25519_key if it exists

[dsa-puppet.git] / modules / ssh / templates / sshd_config.erb

diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index 7821514615b1f8b0afc7eb5459de9caedc981ce7..7fd627764ccca3d4c77d5c19a30a5455847e0183 100644 (file)
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -1,3 +1,8 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
 # Package generated configuration file
 # See the sshd(8) manpage for details
 
@@ -5,6 +10,12 @@
 Port 22
 <%= extraports = case fqdn
                         when "ravel.debian.org" then "Port 443"
+                        when "paradis.debian.org" then "
+ListenAddress 0.0.0.0:22
+ListenAddress [::]:22
+ListenAddress 5.153.231.31:443
+ListenAddress [2001:41c8:1000:21::21:31]:443
+"
                  end
 extraports
 %>
@@ -14,12 +25,15 @@ extraports
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
+<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && has_srv_build_trees == "true" -%>
+HostKey /etc/ssh/ssh_host_ed25519_key
+<% end %>
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
-ServerKeyBits 768
+ServerKeyBits 1024
 
 # Logging
 SyslogFacility AUTH