retire ravel

[dsa-puppet.git] / modules / ssh / templates / sshd_config.erb

diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index d0423f635d1201399c9aa224f1c8666e87b4aa3a..947a254755d1f5918ab61c58a1e4ce9ef9c8099e 100644 (file)
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -9,10 +9,9 @@
 # What ports, IPs and protocols we listen for
 Port 22
 <%= extraports = case fqdn
-                        when "ravel.debian.org" then "Port 443"
                         when "paradis.debian.org" then "
-ListenAddress 5.153.231.30:22
-ListenAddress [2001:41c8:1000:21::21:30]:22
+ListenAddress 0.0.0.0:22
+ListenAddress [::]:22
 ListenAddress 5.153.231.31:443
 ListenAddress [2001:41c8:1000:21::21:31]:443
 "
@@ -25,12 +24,15 @@ extraports
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
+<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && has_etc_ssh_ssh_host_ed25519_key == "true" -%>
+HostKey /etc/ssh/ssh_host_ed25519_key
+<% end %>
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
-ServerKeyBits 768
+ServerKeyBits 1024
 
 # Logging
 SyslogFacility AUTH