From 4478b2bbe0c7e258be669d4c53c37975207cf41b Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Sat, 17 Aug 2024 09:57:44 +0200 Subject: [PATCH] Add new configuration options from OpenSSH 9.8 Signed-off-by: Jakub Jelen --- README.md | 2 +- meta/options_body | 4 ++++ meta/options_match | 1 + templates/sshd_config.j2 | 5 +++++ templates/sshd_config_snippet.j2 | 5 +++++ 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 608ecd1..c996180 100644 --- a/README.md +++ b/README.md @@ -486,4 +486,4 @@ Matt Willsher Jakub Jelen -© 2020 - 2022 Red Hat, Inc. +© 2020 - 2024 Red Hat, Inc. diff --git a/meta/options_body b/meta/options_body index 2f78297..87b8f17 100644 --- a/meta/options_body +++ b/meta/options_body @@ -73,6 +73,7 @@ MaxSessions MaxStartups ModuliFile NoneEnabled +PAMServiceName PasswordAuthentication PermitEmptyPasswords PermitListen @@ -82,6 +83,8 @@ PermitTTY PermitTunnel PermitUserEnvironment PermitUserRC +PerSourcePenalties +PerSourcePenaltyExemptList PerSourceMaxStartups PerSourceNetBlockSize PidFile @@ -102,6 +105,7 @@ SecurityKeyProvider SetEnv ServerKeyBits ShowPatchLevel +SshdSessionPath StreamLocalBindMask StreamLocalBindUnlink StrictModes diff --git a/meta/options_match b/meta/options_match index 7cbb9b7..5889cc9 100644 --- a/meta/options_match +++ b/meta/options_match @@ -36,6 +36,7 @@ KerberosAuthentication LogLevel MaxAuthTries MaxSessions +PAMServiceName PasswordAuthentication PermitEmptyPasswords PermitListen diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2 index 0e2a222..0fc0097 100644 --- a/templates/sshd_config.j2 +++ b/templates/sshd_config.j2 
@@ -82,6 +82,7 @@ Match {{ match["Condition"] }}
 {{ render_option("LogLevel",match["LogLevel"],true) -}}
 {{ render_option("MaxAuthTries",match["MaxAuthTries"],true) -}}
 {{ render_option("MaxSessions",match["MaxSessions"],true) -}}
+{{ render_option("PAMServiceName",match["PAMServiceName"],true) -}}
 {{ render_option("PasswordAuthentication",match["PasswordAuthentication"],true) -}}
 {{ render_option("PermitEmptyPasswords",match["PermitEmptyPasswords"],true) -}}
 {{ render_option("PermitListen",match["PermitListen"],true) -}}
@@ -197,6 +198,7 @@ Match {{ match["Condition"] }}
 {{ body_option("MaxStartups",sshd_MaxStartups) -}}
 {{ body_option("ModuliFile",sshd_ModuliFile) -}}
 {{ body_option("NoneEnabled",sshd_NoneEnabled) -}}
+{{ body_option("PAMServiceName",sshd_PAMServiceName) -}}
 {{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}}
 {{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}}
 {{ body_option("PermitListen",sshd_PermitListen) -}}
@@ -206,6 +208,8 @@ Match {{ match["Condition"] }}
 {{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
 {{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
 {{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
+{{ body_option("PerSourcePenalties",sshd_PerSourcePenalties) -}}
+{{ body_option("PerSourcePenaltyExemptList",sshd_PerSourcePenaltyExemptList) -}}
 {{ body_option("PerSourceMaxStartups",sshd_PerSourceMaxStartups) -}}
 {{ body_option("PerSourceNetBlockSize",sshd_PerSourceNetBlockSize) -}}
 {{ body_option("PidFile",sshd_PidFile) -}}
@@ -226,6 +230,7 @@ Match {{ match["Condition"] }}
 {{ body_option("SetEnv",sshd_SetEnv) -}}
 {{ body_option("ServerKeyBits",sshd_ServerKeyBits) -}}
 {{ body_option("ShowPatchLevel",sshd_ShowPatchLevel) -}}
+{{ body_option("SshdSessionPath",sshd_SshdSessionPath) -}}
 {{ body_option("StreamLocalBindMask",sshd_StreamLocalBindMask) -}}
 {{ body_option("StreamLocalBindUnlink",sshd_StreamLocalBindUnlink) -}}
 {{ body_option("StrictModes",sshd_StrictModes) -}}
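Review bot: The `PAMServiceName` line added to the Match block (new-side line 85) lets a Match condition move a session onto a different PAM stack, yet the template carries no comment saying that the named service must already exist on the target. On Linux-PAM a missing service file normally falls back to the `other` service, so a typo in `match["PAMServiceName"]` would change the authentication policy instead of producing a configuration error. I would add `{#- PAMServiceName needs OpenSSH 9.8+ and an existing PAM service of that name on the target -#}` above the line, and the same above the `body_option("PAMServiceName",...)` line in the second hunk (new-side line 201). `render_option` and `body_option` are defined outside these hunks, so any check they make on the value is not visible here.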
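Review bot: The two added `PerSource*` lines (new-side lines 211-212) hand `sshd_PerSourcePenalties` and `sshd_PerSourcePenaltyExemptList` to `body_option` without saying what value shape is supported, and `body_option` is defined outside this hunk. `PerSourcePenalties` takes several space-separated arguments on one keyword line, so it is worth confirming how a YAML list is rendered and recording the supported form, for example `{#- PerSourcePenalties: pass all penalty arguments as one string; keep PerSourcePenaltyExemptList as narrow as possible, exempt sources are never penalised -#}`. The lines are also inserted ahead of `PerSourceMaxStartups`, which leaves the PerSource group unsorted if this list is meant to stay alphabetical.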
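Review bot: `SshdSessionPath` (new-side line 233) names the binary that sshd executes for each incoming connection, and the template writes `sshd_SshdSessionPath` into the config with no visible constraint on the value. `body_option` is defined outside the hunk, so any validation it performs cannot be seen from here. I would document the expectation next to the line, e.g. `{#- SshdSessionPath: absolute path to a root-owned sshd-session binary that other users cannot write; leave unset for the packaged default -#}`, and mention it in the README, which this commit touches only for the copyright year.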
diff --git a/templates/sshd_config_snippet.j2 b/templates/sshd_config_snippet.j2
index 63825f2..88d6275 100644
--- a/templates/sshd_config_snippet.j2
+++ b/templates/sshd_config_snippet.j2
@@ -80,6 +80,7 @@ Match {{ match["Condition"] }}
 {{ render_option("LogLevel",match["LogLevel"],true) -}}
 {{ render_option("MaxAuthTries",match["MaxAuthTries"],true) -}}
 {{ render_option("MaxSessions",match["MaxSessions"],true) -}}
+{{ render_option("PAMServiceName",match["PAMServiceName"],true) -}}
 {{ render_option("PasswordAuthentication",match["PasswordAuthentication"],true) -}}
 {{ render_option("PermitEmptyPasswords",match["PermitEmptyPasswords"],true) -}}
 {{ render_option("PermitListen",match["PermitListen"],true) -}}
@@ -195,6 +196,7 @@ Match {{ match["Condition"] }}
 {{ body_option("MaxStartups",sshd_MaxStartups) -}}
 {{ body_option("ModuliFile",sshd_ModuliFile) -}}
 {{ body_option("NoneEnabled",sshd_NoneEnabled) -}}
+{{ body_option("PAMServiceName",sshd_PAMServiceName) -}}
 {{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}}
 {{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}}
 {{ body_option("PermitListen",sshd_PermitListen) -}}
@@ -204,6 +206,8 @@ Match {{ match["Condition"] }}
 {{ body_option("PermitTunnel",sshd_PermitTunnel) -}}
 {{ body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}}
 {{ body_option("PermitUserRC",sshd_PermitUserRC) -}}
+{{ body_option("PerSourcePenalties",sshd_PerSourcePenalties) -}}
+{{ body_option("PerSourcePenaltyExemptList",sshd_PerSourcePenaltyExemptList) -}}
 {{ body_option("PerSourceMaxStartups",sshd_PerSourceMaxStartups) -}}
 {{ body_option("PerSourceNetBlockSize",sshd_PerSourceNetBlockSize) -}}
 {{ body_option("PidFile",sshd_PidFile) -}}
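Review bot: The four hunks of this file repeat the additions to templates/sshd_config.j2 line for line, so each new keyword now has to be kept in step across both templates and the two meta/ lists. Unless a generator outside this patch produces these lines, a keyword added to one template and missed in the other would leave the main config and the drop-in snippet enforcing different settings. A header comment such as `{#- option lines mirror templates/sshd_config.j2 and meta/options_body; update them together -#}` would make the coupling explicit, and a test comparing the keyword sets would catch drift.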
@@ -224,6 +228,7 @@ Match {{ match["Condition"] }}
 {{ body_option("SetEnv",sshd_SetEnv) -}}
 {{ body_option("ServerKeyBits",sshd_ServerKeyBits) -}}
 {{ body_option("ShowPatchLevel",sshd_ShowPatchLevel) -}}
+{{ body_option("SshdSessionPath",sshd_SshdSessionPath) -}}
 {{ body_option("StreamLocalBindMask",sshd_StreamLocalBindMask) -}}
 {{ body_option("StreamLocalBindUnlink",sshd_StreamLocalBindUnlink) -}}
 {{ body_option("StrictModes",sshd_StrictModes) -}}