%post
(
# post-sshd-config-ten-ten.tmpl
#
# Kickstart post-install section: keep a copy of the stock sshd_config, then
# replace it with a short config for key-based access on the 10.10. network.
# CFEngine is expected to reconfigure sshd later, so this file only has to
# cover the window between install and the first CFEngine run.
#
# Everything the section prints (stdout and stderr) is copied by tee to
# /root/post-sshd-config-ten-ten.log. The pipeline's exit status is tee's,
# so a failed cp or cat shows up in that log, not in the section's status.

# Preserve the distribution file so the pre-change settings can be compared
# or restored.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.install.orig

# Settings written below (defaults have been stripped out):
#   - password and challenge-response logins are off
#   - GSSAPI authentication stays on, so public keys are not the only
#     accepted method -- NOTE(review): confirm this is intended
#   - root may log in, but not with a password ("without-password"; newer
#     OpenSSH releases spell this "prohibit-password")
#   - X11Forwarding is on -- NOTE(review): broader than "minimal" suggests;
#     confirm it is needed during this window
#   - ListenAddress limits sshd to one address. The heredoc delimiter is
#     quoted, so the shell does not expand the ip_priv placeholder; it is
#     presumably filled in when the template is rendered. If it renders
#     empty, or to an address the host does not own, sshd will not come up
#     on that address -- check the rendered file before relying on it.
cat << 'ENDSSHCONFIG' > /etc/ssh/sshd_config
SyslogFacility AUTHPRIV
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
PermitRootLogin without-password
Subsystem sftp /usr/libexec/openssh/sftp-server
ListenAddress $ip_priv
ENDSSHCONFIG
) 2>&1 | tee /root/post-sshd-config-ten-ten.log
%end