From 99b8524c16cc99ceeaf1ebf588f2fc0f2c0fbe0a Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Sat, 12 Oct 2024 08:14:59 -0400
Subject: add a bunch of hostclasses

---
 files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common | 11 +++++++++++
 files/usr/local/etc/ssh/sshd_config.freebsd                 |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common

(limited to 'files/usr/local/etc/ssh')

diff --git a/files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common b/files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common
new file mode 100644
index 0000000..63022e3
--- /dev/null
+++ b/files/usr/local/etc/ssh/sshd_config.d/acmeproxy.conf.common
@@ -0,0 +1,11 @@
+Match Group ${acmeproxy_client_group}
+  ChrootDirectory ${acmeproxy_home}
+  ForceCommand internal-sftp -R
+  DisableForwarding yes
+  PermitUserRC no
+  PermitTTY no
+  GSSAPIAuthentication yes
+  KbdInteractiveAuthentication no
+  PasswordAuthentication no
+  PubkeyAuthentication no
+  AuthenticationMethods gssapi-with-mic
diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd b/files/usr/local/etc/ssh/sshd_config.freebsd
index 52d9bfe..eca2276 100644
--- a/files/usr/local/etc/ssh/sshd_config.freebsd
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd
@@ -1,4 +1,4 @@
-Include /etc/ssh/sshd_config.d/*.conf
+Include /usr/local/etc/ssh/sshd_config.d/*.conf
 
 PermitRootLogin prohibit-password
 AuthorizedKeysFile .ssh/authorized_keys
-- 
cgit v1.2.3