From c3d6aa86521dcb457e3cc0cb4a5353a5c57105b2 Mon Sep 17 00:00:00 2001 From: Rene Trippen Date: Tue, 24 Dec 2024 16:52:02 +0100 Subject: [PATCH] ssh_instance: write ciphers,macs and kex as comma-separated string (#401) As the man page of sshd_config(5) describes: "Multiple ciphers/macs/kexalgorithms must be comma-separated." Using an array or YAML list for ciphers/mac/kex results in multiple entries in sshd_config. If multiple entries are set in sshd_config, sshd takes only the first one. Fixes #400 --- templates/ssh_instance.erb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/templates/ssh_instance.erb b/templates/ssh_instance.erb index 66ae52ac..126aed4c 100644 --- a/templates/ssh_instance.erb +++ b/templates/ssh_instance.erb @@ -40,22 +40,30 @@ ListenAddress <%= listen %> <%- v.keys.sort.each do |key| -%> <%- value = v[key] -%> <%- if value.is_a?(Array) -%> + <%- if ['ciphers', 'macs', 'kexalgorithms'].include?(key.downcase) -%> + <%= key %> <%= value.join(',') %> + <%- else -%> <%- value.each do |a| -%> <%- if a != '' && a != nil -%> <%= key %> <%= bool2str(a) %> <%- end -%> <%- end -%> + <%- end -%> <%- elsif value != '' && value != nil -%> <%= key %> <%= bool2str(value) %> <%- end -%> <%- end -%> <%- else -%> <%- if v.is_a?(Array) -%> +<%- if ['ciphers', 'macs', 'kexalgorithms'].include?(k.downcase) -%> +<%= k %> <%= v.join(',') %> +<%- else -%> <%- v.each do |a| -%> <%- if a != '' && a != nil -%> <%= k %> <%= bool2str(a) %> <%- end -%> <%- end -%> +<%- end -%> <%- elsif v != nil and v != '' -%> <%= k %> <%= bool2str(v) %> <%- end -%>