2 files changed, 25 insertions, 0 deletions

diff --git a/files/etc/ssh/ssh_config.freebsd b/files/etc/ssh/ssh_config.freebsd
new file mode 100644
index 0000000..9be624a
--- /dev/null
+++ b/files/etc/ssh/ssh_config.freebsd
@@ -0,0 +1,9 @@
+CanonicalizeHostname always
+CanonicalizeMaxDots 0
+CanonicalDomains ${domain}
+CanonicalizePermittedCNAMEs *.${domain}:*.${domain}
+KnownHostsCommand /usr/local/libexec/idm-ssh-known-hosts %H
+
+Host *.${domain}
+  GSSAPIAuthentication yes
+  GSSAPIDelegateCredentials yes
diff --git a/files/etc/ssh/sshd_config.freebsd b/files/etc/ssh/sshd_config.freebsd
new file mode 100644
index 0000000..c933741
--- /dev/null
+++ b/files/etc/ssh/sshd_config.freebsd
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysCommand /usr/local/libexec/idm-ssh-authorized-keys %u
+AuthorizedKeysCommandUser ${ssh_authzkeys_user}
+
+KbdInteractiveAuthentication no
+PasswordAuthentication yes
+
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+UsePAM yes
+UseDNS no
+
+Subsystem	sftp	/usr/libexec/sftp-server