puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

# This is a combination of 2 commits.

Browse Source 
# This is the 1st commit message:

Align fixtures with 20.04 defaults

Align fixtures with defaults

# This is the commit message #2:

Remove type to make puppet 3 compatible
This commit is contained in:
mergwyn 2020-06-11 20:49:23 +01:00
parent 8baa6760dc
commit f2b6c2d8a8
5 changed files with 195 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

310
manifests/init.pp
View File

@ -3,125 +3,127 @@
# Manage ssh client and server
#
class ssh (
$hiera_merge = false,
$packages = 'USE_DEFAULTS',
$permit_root_login = 'yes',
$purge_keys = true,
$manage_firewall = false,
$ssh_package_source = 'USE_DEFAULTS',
$ssh_package_adminfile = 'USE_DEFAULTS',
$ssh_config_hash_known_hosts = 'USE_DEFAULTS',
$ssh_config_path = '/etc/ssh/ssh_config',
$ssh_config_owner = 'root',
$ssh_config_group = 'root',
$ssh_config_mode = '0644',
$ssh_config_forward_x11 = undef,
$ssh_config_forward_x11_trusted = 'USE_DEFAULTS',
$ssh_config_forward_agent = undef,
$ssh_config_server_alive_interval = undef,
$ssh_config_sendenv_xmodifiers = false,
$ssh_hostbasedauthentication = undef,
$ssh_config_proxy_command = undef,
$ssh_strict_host_key_checking = undef,
$ssh_config_ciphers = undef,
$ssh_config_kexalgorithms = undef,
$ssh_config_macs = undef,
$ssh_config_use_roaming = 'USE_DEFAULTS',
$ssh_config_template = 'ssh/ssh_config.erb',
$ssh_sendenv = 'USE_DEFAULTS',
$ssh_gssapiauthentication = 'yes',
$ssh_gssapidelegatecredentials = undef,
$sshd_config_path = '/etc/ssh/sshd_config',
$sshd_config_owner = 'root',
$sshd_config_group = 'root',
$sshd_config_loglevel = 'INFO',
$sshd_config_mode = 'USE_DEFAULTS',
$sshd_config_permitemptypasswords = undef,
$sshd_config_permituserenvironment = undef,
$sshd_config_compression = undef,
$sshd_config_port = '22',
$sshd_config_syslog_facility = 'AUTH',
$sshd_config_template = 'ssh/sshd_config.erb',
$sshd_config_login_grace_time = '120',
$sshd_config_challenge_resp_auth = 'yes',
$sshd_config_print_motd = 'yes',
$sshd_config_print_last_log = undef,
$sshd_config_use_dns = 'USE_DEFAULTS',
$sshd_config_authkey_location = undef,
$sshd_config_strictmodes = undef,
$sshd_config_serverkeybits = 'USE_DEFAULTS',
$sshd_config_banner = 'none',
$sshd_config_ciphers = undef,
$sshd_config_kexalgorithms = undef,
$sshd_config_macs = undef,
$ssh_enable_ssh_keysign = undef,
$sshd_config_allowgroups = [],
$sshd_config_allowusers = [],
$sshd_config_denygroups = [],
$sshd_config_denyusers = [],
$sshd_config_maxauthtries = undef,
$sshd_config_maxstartups = undef,
$sshd_config_maxsessions = undef,
$sshd_config_chrootdirectory = undef,
$sshd_config_forcecommand = undef,
$sshd_config_match = undef,
$sshd_authorized_keys_command = undef,
$sshd_authorized_keys_command_user = undef,
$sshd_banner_content = undef,
$sshd_banner_owner = 'root',
$sshd_banner_group = 'root',
$sshd_banner_mode = '0644',
$sshd_config_xauth_location = 'USE_DEFAULTS',
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
$sshd_kerberos_authentication = undef,
$sshd_password_authentication = 'yes',
$sshd_allow_tcp_forwarding = 'yes',
$sshd_x11_forwarding = 'yes',
$sshd_x11_use_localhost = 'yes',
$sshd_use_pam = 'USE_DEFAULTS',
$sshd_client_alive_count_max = '3',
$sshd_client_alive_interval = '0',
$sshd_gssapiauthentication = 'yes',
$sshd_gssapikeyexchange = 'USE_DEFAULTS',
$sshd_pamauthenticationviakbdint = 'USE_DEFAULTS',
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
$sshd_acceptenv = 'USE_DEFAULTS',
$sshd_config_hostkey = 'USE_DEFAULTS',
$sshd_listen_address = undef,
$sshd_hostbasedauthentication = 'no',
$sshd_pubkeyacceptedkeytypes = undef,
$sshd_pubkeyauthentication = 'yes',
$sshd_ignoreuserknownhosts = 'no',
$sshd_ignorerhosts = 'yes',
$sshd_config_authenticationmethods = undef,
$manage_service = true,
$sshd_addressfamily = 'USE_DEFAULTS',
$service_ensure = 'running',
$service_name = 'USE_DEFAULTS',
$service_enable = true,
$service_hasrestart = true,
$service_hasstatus = 'USE_DEFAULTS',
$ssh_key_ensure = 'present',
$ssh_key_import = true,
$ssh_key_type = 'ssh-rsa',
$ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
$ssh_config_global_known_hosts_list = undef,
$ssh_config_global_known_hosts_owner = 'root',
$ssh_config_global_known_hosts_group = 'root',
$ssh_config_global_known_hosts_mode = '0644',
$ssh_config_user_known_hosts_file = undef,
$config_entries = {},
$keys = undef,
$manage_root_ssh_config = false,
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
$sshd_config_tcp_keepalive = undef,
$sshd_config_use_privilege_separation = undef,
$sshd_config_permittunnel = undef,
$sshd_config_hostcertificate = undef,
$sshd_config_trustedusercakeys = undef,
$sshd_config_key_revocation_list = undef,
$sshd_config_authorized_principals_file = undef,
$sshd_config_allowagentforwarding = undef,
$hiera_merge = false,
$packages = 'USE_DEFAULTS',
$permit_root_login = 'yes',
$purge_keys = true,
$manage_firewall = false,
$ssh_package_source = 'USE_DEFAULTS',
$ssh_package_adminfile = 'USE_DEFAULTS',
$ssh_config_hash_known_hosts = 'USE_DEFAULTS',
$ssh_config_path = '/etc/ssh/ssh_config',
$ssh_config_owner = 'root',
$ssh_config_group = 'root',
$ssh_config_mode = '0644',
$ssh_config_forward_x11 = undef,
$ssh_config_forward_x11_trusted = 'USE_DEFAULTS',
$ssh_config_forward_agent = undef,
$ssh_config_server_alive_interval = undef,
$ssh_config_sendenv_xmodifiers = false,
$ssh_hostbasedauthentication = undef,
$ssh_config_proxy_command = undef,
$ssh_strict_host_key_checking = undef,
$ssh_config_ciphers = undef,
$ssh_config_kexalgorithms = undef,
$ssh_config_macs = undef,
$ssh_config_use_roaming = 'USE_DEFAULTS',
$ssh_config_template = 'ssh/ssh_config.erb',
$ssh_sendenv = 'USE_DEFAULTS',
$ssh_gssapiauthentication = 'yes',
$ssh_gssapidelegatecredentials = undef,
$sshd_config_path = '/etc/ssh/sshd_config',
$sshd_config_owner = 'root',
$sshd_config_group = 'root',
$sshd_config_loglevel = 'INFO',
$sshd_config_mode = 'USE_DEFAULTS',
$sshd_config_permitemptypasswords = undef,
$sshd_config_permituserenvironment = undef,
$sshd_config_compression = undef,
$sshd_config_port = '22',
$sshd_config_syslog_facility = 'AUTH',
$sshd_config_template = 'ssh/sshd_config.erb',
$sshd_config_login_grace_time = '120',
$sshd_config_challenge_resp_auth = 'yes',
$sshd_config_print_motd = 'yes',
$sshd_config_print_last_log = undef,
$sshd_config_use_dns = 'USE_DEFAULTS',
$sshd_config_authkey_location = undef,
$sshd_config_strictmodes = undef,
$sshd_config_serverkeybits = 'USE_DEFAULTS',
$sshd_config_banner = 'none',
$sshd_config_ciphers = undef,
$sshd_config_kexalgorithms = undef,
$sshd_config_macs = undef,
$ssh_enable_ssh_keysign = undef,
$sshd_config_allowgroups = [],
$sshd_config_allowusers = [],
$sshd_config_denygroups = [],
$sshd_config_denyusers = [],
$sshd_config_maxauthtries = undef,
$sshd_config_maxstartups = undef,
$sshd_config_maxsessions = undef,
$sshd_config_chrootdirectory = undef,
$sshd_config_forcecommand = undef,
$sshd_config_match = undef,
$sshd_authorized_keys_command = undef,
$sshd_authorized_keys_command_user = undef,
$sshd_banner_content = undef,
$sshd_banner_owner = 'root',
$sshd_banner_group = 'root',
$sshd_banner_mode = '0644',
$sshd_config_xauth_location = 'USE_DEFAULTS',
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
$sshd_kerberos_authentication = undef,
$sshd_password_authentication = 'yes',
$sshd_allow_tcp_forwarding = 'yes',
$sshd_x11_forwarding = 'yes',
$sshd_x11_use_localhost = 'yes',
$sshd_use_pam = 'USE_DEFAULTS',
$sshd_client_alive_count_max = '3',
$sshd_client_alive_interval = '0',
$sshd_gssapiauthentication = 'yes',
$sshd_gssapikeyexchange = 'USE_DEFAULTS',
$sshd_pamauthenticationviakbdint = 'USE_DEFAULTS',
$sshd_gssapicleanupcredentials = 'USE_DEFAULTS',
$sshd_acceptenv = 'USE_DEFAULTS',
$sshd_config_hostkey = 'USE_DEFAULTS',
$sshd_listen_address = undef,
$sshd_hostbasedauthentication = 'no',
$sshd_pubkeyacceptedkeytypes = undef,
$sshd_pubkeyauthentication = 'yes',
$sshd_ignoreuserknownhosts = 'no',
$sshd_ignorerhosts = 'yes',
$sshd_config_authenticationmethods = undef,
$manage_service = true,
$sshd_addressfamily = 'USE_DEFAULTS',
$service_ensure = 'running',
$service_name = 'USE_DEFAULTS',
$service_enable = true,
$service_hasrestart = true,
$service_hasstatus = 'USE_DEFAULTS',
$ssh_key_ensure = 'present',
$ssh_key_import = true,
$ssh_key_type = 'ssh-rsa',
$ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
$ssh_config_global_known_hosts_list = undef,
$ssh_config_global_known_hosts_owner = 'root',
$ssh_config_global_known_hosts_group = 'root',
$ssh_config_global_known_hosts_mode = '0644',
$ssh_config_user_known_hosts_file = undef,
$ssh_config_include = 'USE_DEFAULTS',
$config_entries = {},
$keys = undef,
$manage_root_ssh_config = false,
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
$sshd_config_tcp_keepalive = undef,
$sshd_config_use_privilege_separation = undef,
$sshd_config_permittunnel = undef,
$sshd_config_hostcertificate = undef,
$sshd_config_trustedusercakeys = undef,
$sshd_config_key_revocation_list = undef,
$sshd_config_authorized_principals_file = undef,
$sshd_config_allowagentforwarding = undef,
$sshd_config_include = 'USE_DEFAULTS',
) {
case $::osfamily {
@ -134,6 +136,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/libexec/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -153,6 +156,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
'Suse': {
$default_packages = 'openssh'
@ -162,6 +166,7 @@ class ssh (
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_include = undef
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
$default_sshd_config_xauth_location = '/usr/bin/xauth'
@ -176,6 +181,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
case $::architecture {
'x86_64': {
if ($::operatingsystem == 'SLES') and ($::operatingsystemrelease =~ /^12\./) {
@ -212,6 +218,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -225,6 +232,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
'18.04': {
$default_sshd_config_hostkey = [
@ -239,6 +247,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -252,32 +261,37 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
'20.04': {
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
]
$default_ssh_config_hash_known_hosts = 'yes'
$default_sshd_config_xauth_location = undef
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_package_source = undef
$default_service_hasstatus = true
$default_ssh_package_adminfile = undef
$default_ssh_package_source = undef
$default_ssh_config_hash_known_hosts = 'yes'
$default_ssh_gssapiauthentication = 'yes'
$default_ssh_sendenv = true
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_include = '/etc/ssh/ssh_config.d/*.conf'
$default_sshd_acceptenv = true
$default_sshd_addressfamily = 'any'
#$default_sshd_config_challenge_resp_auth = 'no'
$default_sshd_config_hostkey = []
$default_sshd_config_mode = '0600'
$default_sshd_config_permittunnel = undef
$default_sshd_config_print_motd = 'no'
$default_sshd_config_serverkeybits = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_tcp_keepalive = undef
$default_sshd_config_use_dns = 'yes'
$default_sshd_use_pam = 'yes'
$default_sshd_config_xauth_location = undef
$default_sshd_gssapiauthentication = 'yes'
$default_sshd_gssapicleanupcredentials = 'yes'
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = 'yes'
$default_sshd_acceptenv = true
$default_service_hasstatus = true
$default_sshd_config_serverkeybits = '1024'
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_use_pam = 'yes'
$default_sshd_x11_forwarding = 'yes'
$default_sshd_config_include = '/etc/ssh/sshd_config.d/*.conf'
}
/^10.*/: {
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
@ -287,6 +301,7 @@ class ssh (
$default_sshd_config_mode = '0600'
$default_sshd_use_pam = 'yes'
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_config_include = undef
$default_sshd_acceptenv = true
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_ssh_config_hash_known_hosts = 'yes'
@ -303,6 +318,7 @@ class ssh (
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_service_hasstatus = true
$default_sshd_config_include = undef
}
/^9.*/: {
$default_sshd_config_hostkey = [
@ -317,6 +333,7 @@ class ssh (
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_ssh_config_hash_known_hosts = 'yes'
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_addressfamily = undef
$default_sshd_config_serverkeybits = undef
$default_sshd_gssapicleanupcredentials = undef
@ -328,6 +345,7 @@ class ssh (
$default_ssh_package_adminfile = undef
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_sshd_config_include = undef
$default_service_hasstatus = true
}
/^7.*/: {
@ -338,6 +356,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
@ -351,6 +370,7 @@ class ssh (
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_sshd_config_include = undef
}
/^8.*/: {
@ -359,6 +379,7 @@ class ssh (
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_ssh_config_include = undef
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
@ -379,6 +400,7 @@ class ssh (
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_service_hasstatus = true
$default_sshd_config_include = undef
}
default: { fail ("Operating System : ${::operatingsystemrelease} not supported") }
}
@ -387,6 +409,7 @@ class ssh (
$default_ssh_config_hash_known_hosts = undef
$default_ssh_sendenv = false
$default_ssh_config_forward_x11_trusted = undef
$default_ssh_config_include = undef
$default_sshd_config_subsystem_sftp = '/usr/lib/ssh/sftp-server'
$default_sshd_config_mode = '0644'
$default_sshd_config_use_dns = undef
@ -402,6 +425,7 @@ class ssh (
$default_sshd_addressfamily = undef
$default_sshd_config_tcp_keepalive = undef
$default_sshd_config_permittunnel = undef
$default_sshd_config_include = undef
case $::kernelrelease {
'5.11': {
$default_packages = ['network/ssh',
@ -567,6 +591,12 @@ class ssh (
$ssh_config_use_roaming_real = $ssh_config_use_roaming
}
if $ssh_config_include == 'USE_DEFAULTS' {
$ssh_config_include_real = $default_ssh_config_include
} else {
$ssh_config_include_real = $ssh_config_include
}
if $ssh_sendenv == 'USE_DEFAULTS' {
$ssh_sendenv_real = $default_ssh_sendenv
} else {
@ -636,6 +666,12 @@ class ssh (
$sshd_addressfamily_real = $sshd_addressfamily
}
if $sshd_config_include == 'USE_DEFAULTS' {
$sshd_config_include_real = $default_sshd_config_include
} else {
$sshd_config_include_real = $sshd_config_include
}
case $sshd_config_maxsessions {
'unset', undef: { $sshd_config_maxsessions_integer = undef }
default: { $sshd_config_maxsessions_integer = floor($sshd_config_maxsessions) }

2
spec/fixtures/ssh_config_ubuntu2004 vendored
View File

@ -20,6 +20,8 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Include /etc/ssh/ssh_config.d/*.conf
# Host *
# ForwardAgent no
# ForwardX11 no

9
spec/fixtures/sshd_config_ubuntu2004 vendored
View File

@ -13,6 +13,8 @@
# possible, but leave them commented. Uncommented options change a
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
Port 22
#Protocol 2,1
@ -25,15 +27,10 @@ AddressFamily any
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
@ -115,7 +112,6 @@ X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
@ -131,7 +127,6 @@ UseDNS yes
#MaxSessions 10
#PermitTunnel no
PermitTunnel no
#ChrootDirectory none
# no default banner path

10
templates/ssh_config.erb
View File

@ -20,6 +20,14 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
<% if defined?(@ssh_config_include_real) -%>
<% if @ssh_config_include_real.is_a? Array -%>
Include <%= @ssh_config_include_real.join(' ') %>
<% else -%>
Include <%= @ssh_config_include_real %>
<% end -%>
<% end -%>
# Host *
# ForwardAgent no
# ForwardX11 no
@ -75,7 +83,7 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
<% if @ssh_config_forward_x11_trusted_real != nil -%>
<% if defined?(@ssh_config_forward_x11_trusted_real) -%>
ForwardX11Trusted <%= @ssh_config_forward_x11_trusted_real %>
<% end -%>
<% if @ssh_config_forward_agent != nil -%>

10
templates/sshd_config.erb
View File

@ -13,13 +13,21 @@
# possible, but leave them commented. Uncommented options change a
# default value.
<% if defined?(@sshd_config_include_real) -%>
<% if @sshd_config_include_real.is_a? Array -%>
Include <%= @sshd_config_include_real.join(' ') %>
<% else -%>
Include <%= @sshd_config_include_real %>
<% end -%>
<% end -%>
#Port 22
<% @sshd_config_port_array.each do |p| -%>
<%= "Port #{p}" %>
<% end -%>
#Protocol 2,1
Protocol 2
<% if @sshd_addressfamily_real != nil -%>
<% if defined?(@sshd_addressfamily_real) -%>
#AddressFamily any
AddressFamily <%= @sshd_addressfamily_real %>
<% end -%>