ssh_instance: write ciphers,macs and kex as comma-separated string (#401

) As the man page of sshd_config(5) describes: "Multiple ciphers/macs/kexalgorithms must be comma-separated." Using an array or YAML list for ciphers/mac/kex results in multiple entries in sshd_config. If multiple entries are set in sshd_config, sshd takes only the first one. Fixes #400
saz · Dec 24, 2024 · c3d6aa8 · c3d6aa8
1 parent 2d19df9
commit c3d6aa8
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/templates/ssh_instance.erb b/templates/ssh_instance.erb
@@ -40,22 +40,30 @@ ListenAddress <%= listen %>
 <%- v.keys.sort.each do |key| -%>
     <%- value = v[key] -%>
     <%- if value.is_a?(Array) -%>
+    <%- if ['ciphers', 'macs', 'kexalgorithms'].include?(key.downcase) -%>
+    <%= key %> <%= value.join(',') %>
+    <%- else -%>
     <%- value.each do |a| -%>
     <%- if a != '' && a != nil -%>
     <%= key %> <%= bool2str(a) %>
     <%- end -%>
     <%- end -%>
+    <%- end -%>
     <%- elsif value != '' && value != nil -%>
     <%= key %> <%= bool2str(value) %>
     <%- end -%>
 <%- end -%>
 <%- else -%>
 <%- if v.is_a?(Array) -%>
+<%- if ['ciphers', 'macs', 'kexalgorithms'].include?(k.downcase) -%>
+<%= k %> <%= v.join(',') %>
+<%- else -%>
 <%- v.each do |a| -%>
 <%- if a != '' && a != nil -%>
 <%= k %> <%= bool2str(a) %>
 <%- end -%>
 <%- end -%>
+<%- end -%>
 <%- elsif v != nil and v != '' -%>
 <%= k %> <%= bool2str(v) %>
 <%- end -%>