From e94099c9334267ec2c1f0c766f608ec0f04a8f52 Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Fri, 16 Dec 2016 10:03:59 -0800
Subject: [PATCH] release/005.003

---
 NEWS                          |  4 ++++
 templates/ssh/sshd_config.erb | 10 +++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 898a887..d7b0576 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+release/005.003 (2016-12-16)
+
+    [ssh] Add "@" to a few more variables on sshd_config.erb. [adamhl]
+
 release/005.002 (2016-12-13)
 
     [ssh] Change the class "ssh::pam" to "base::ssh::pam".  This should
diff --git a/templates/ssh/sshd_config.erb b/templates/ssh/sshd_config.erb
index e965c7f..7d862da 100644
--- a/templates/ssh/sshd_config.erb
+++ b/templates/ssh/sshd_config.erb
@@ -34,7 +34,7 @@ Protocol 2
 # Only support RSA keys, not DSA keys.
 HostKey /etc/ssh/ssh_host_rsa_key
 
-<% if ed25519 then -%>
+<% if @ed25519 then -%>
 # Also support Ed25519 host keys.
 HostKey /etc/ssh/ssh_host_ed25519_key
 
@@ -60,7 +60,7 @@ HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %>
 
 # Allow password authentication via PAM, but not empty passwords.
 ChallengeResponseAuthentication yes
-PasswordAuthentication <%= password ? 'yes' : 'no' %>
+PasswordAuthentication <%= @password ? 'yes' : 'no' %>
 UsePAM yes
 PermitEmptyPasswords no
 
@@ -68,14 +68,14 @@ PermitEmptyPasswords no
 # to add GSSAPIStoreCredentialsOnRekey yes.
 GSSAPIAuthentication yes
 GSSAPICleanupCredentials yes
-<% if (@osfamily != 'RedHat') or (lsbmajdistrelease.to_i() >= 6) then -%>
+<% if (@osfamily != 'RedHat') or (@lsbmajdistrelease.to_i() >= 6) then -%>
 GSSAPIKeyExchange yes
 GSSAPIStrictAcceptorCheck no
 <% end -%>
 <% if (@operatingsystem == 'Debian') and (@lsbdistcodename != 'lenny') then -%>
 GSSAPIStoreCredentialsOnRekey yes
 <% end -%>
-<% if (@osfamily == 'RedHat') and (lsbmajdistrelease.to_i() >= 6) then -%>
+<% if (@osfamily == 'RedHat') and (@lsbmajdistrelease.to_i() >= 6) then -%>
 GSSAPIStoreCredentialsOnRekey yes
 <% end -%>
 <% if (@operatingsystem == 'Ubuntu') then -%>
@@ -84,7 +84,7 @@ GSSAPIStoreCredentialsOnRekey yes
 <% if (@pam_duo) then -%>
 
 # Require both (GSS-API|PASSWORD) and PAM.
-AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam<% if password then %> password,keyboard-interactive:pam<% end %>
+AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam<% if @password then %> password,keyboard-interactive:pam<% end %>
 KerberosAuthentication yes
 <% end -%>
 
-- 
GitLab