Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 137 | 
1 files changed, 55 insertions, 82 deletions
@@ -85,130 +85,103 @@ The following is a list of the currently available variables:    - `listen_address`          specify the addresses sshd should listen on set this to `['10.0.0.1', '192.168.0.1']` to have it listen on both addresses, or leave it unset to listen on all Default: empty -> results in listening on `0.0.0.0` -    - `allowed_users`      list of usernames separated by spaces.  set this for example to `"foobar      root"` to ensure that only user foobar and root might login.  Default: empty      -> no restriction is set -    - `allowed_groups`      list of groups separated by spaces. set this for example to `"wheel sftponly"`      to ensure that only users in the groups wheel and sftponly might login.      Default: empty -> no restriction is set Note: This is set after      `allowed_users`, take care of the behaviour if you use these 2 options      together. -    - `use_pam` if you want to use pam or not for authenticaton. Values:      - `no` (default)      - `yes` -    - `permit_root_login` If you want to allow root logins or not. Valid values:      - `yes`      - `no`      - `without-password` (default)      - `forced-commands-only` -    - `password_authentication` -    If you want to enable password authentication or not. Valid values: `yes` or -    `no`; Default: `no` - +    If you want to enable password authentication or not. Valid values: +    - `yes` +    - `no` (default)    - `kerberos_authentication`      If you want the password that is provided by the user to be validated      through the Kerberos KDC. To use this option the server needs a Kerberos      servtab which allows the verification of the KDC's identity. Valid values: -    `yes` or `no`; Default: `no` - -  - `kerberos_orlocalpasswd` -    If password authentication through Kerberos fails, then the password will be -    validated via any additional local mechanism.  
Valid values: `yes` or `no`; -    Default: `yes` - -  - `kerberos_ticketcleanup` -    Destroy the user's ticket cache file on logout?  Valid values: `yes` or `no`; -    Default: `yes` - -  - `gssapi_authentication` -    Authenticate users based on GSSAPI? Valid values: `yes` or `no`; Default: `no` - -  - `gssapi_cleanupcredentials` -    Destroy user's credential cache on logout? Valid values: `yes` or `no`; Default: -    `yes` - -  - `challenge_response_authentication` -    If you want to enable ChallengeResponseAuthentication or not When disabled, -    s/key passowords are disabled Valid values: `yes` or `no`; Default: `no` - -  - `tcp_forwarding` -    If you want to enable TcpForwarding. Valid Values: `yes` or `no`; Default: `no` - -  - `x11_forwarding` -    If you want to enable x11 forwarding. Valid Values: `yes` or `no`; Default: `no` - -  - `agent_forwarding` -    If you want to allow ssh-agent forwarding. Valid Values: `yes` or `no`; Default: -    `no` - -  - `pubkey_authentication` -    If you want to enable public key authentication. Valid Values: `yes` or `no`; -    Default: `yes` - -  - `rsa_authentication` -    If you want to enable RSA Authentication. Valid Values: `yes` or `no`; Default: -    `no` - +    - `yes` +    - `no` (default) +  - `kerberos_orlocalpasswd` If password authentication through Kerberos fails, then the password will be validated via any additional local mechanism.  Valid values: +    - `yes` (default) +    - `no` +  - `kerberos_ticketcleanup` Destroy the user's ticket cache file on logout?  Valid values: +    - `yes` (default) +    - `no` +  - `gssapi_authentication` Authenticate users based on GSSAPI? Valid values: +    - `yes` +    - `no` (default) +  - `gssapi_cleanupcredentials` Destroy user's credential cache on logout? Valid values: +    - `yes` (default) +    - `no` +  - `challenge_response_authentication` If you want to enable ChallengeResponseAuthentication or not When disabled, s/key passwords are disabled. 
Valid values: +    - `yes` +    - `no` (default) +  - `tcp_forwarding` If you want to enable TcpForwarding. Valid values: +    - `yes` +    - `no` (default) +  - `x11_forwarding` If you want to enable x11 forwarding. Valid values: +    - `yes` +    - `no` (default) +  - `agent_forwarding` If you want to allow ssh-agent forwarding. Valid values: +    - `yes` +    - `no` (default) +  - `pubkey_authentication` If you want to enable public key authentication. Valid values: +    - `yes` (default) +    - `no` +  - `rsa_authentication` If you want to enable RSA Authentication. Valid values: +    - `yes` +    - `no` (default)    - `rhosts_rsa_authentication` -    If you want to enable rhosts RSA Authentication. Valid Values: `yes` or `no`; -    Default: `no` - -  - `hostbased_authentication` -    If you want to enable `HostbasedAuthentication`. Valid Values: `yes` or `no`; -    Default: `no` - -  - `strict_modes` -    If you want to set `StrictModes` (check file modes/ownership before accepting -    login). Valid Values: `yes` or `no`; Default: yes - +    If you want to enable rhosts RSA Authentication. Valid values: +    - `yes` +    - `no` (default) +  - `hostbased_authentication` If you want to enable `HostbasedAuthentication`. Valid values: +    - `yes` +    - `no` (default) +  - `strict_modes` If you want to set `StrictModes` (check file modes/ownership before accepting login). Valid values: +    - `yes` (default) +    - `no`    - `permit_empty_passwords`      If you want enable PermitEmptyPasswords to allow empty passwords. Valid -    Values: `yes` or `no`; Default: `no` - -  - `ports` -    If you want to specify a list of ports other than the default `22`; Default: -    `[22]` - +    Values: +    - `yes` +    - `no` (default) +  - `ports` If you want to specify a list of ports other than the default `22`; Default: `[22]`    - `authorized_keys_file`      Set this to the location of the AuthorizedKeysFile      (e.g. `/etc/ssh/authorized_keys/%u`). 
Default: `AuthorizedKeysFile      %h/.ssh/authorized_keys` -    - `hardened_ssl`      Use only strong SSL ciphers and MAC. -    Values: `no` or `yes`; Default: `no`. - +    Values: +    - `no` (default) +    - `yes`    - `print_motd`      Show the Message of the day when a user logs in. -    - `sftp_subsystem`      Set a different sftp-subystem than the default one. Might be interesting for      sftponly usage. Default: empty -> no change of the default -    - `head_additional_options`      Set this to any additional sshd_options which aren't listed above. Anything      set here will be added to the beginning of the sshd_config file. This option      might be useful to define complicated Match Blocks. This string is going to      be included, like it is defined. So take care! Default: empty -> not added. - -  - `tail_additional_options` - -    Set this to any additional sshd_options which aren't listed above. Anything -    set here will be added to the end of the sshd_config file. This option might -    be useful to define complicated Match Blocks. This string is going to be -    included, like it is defined. So take care! Default: empty -> not added. - -  - `shared_ip` -    Whether the server uses a shared network IP address. If it does, then we -    don't want it to export an rsa key for its IP address. -    Values: `no` or `yes`; Default: `no` +  - `tail_additional_options` Set this to any additional sshd_options which aren't listed above. Anything set here will be added to the end of the sshd_config file. This option might be useful to define complicated Match Blocks. This string is going to be included, like it is defined. So take care! Default: empty -> not added. +  - `shared_ip` Whether the server uses a shared network IP address. If it does, then we don't want it to export an rsa key for its IP address. Values: +  - `no` (default) +  - `yes`  ### Defines and functions  | 
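Review bot: At the end of the hunk, the two value lines added under `shared_ip` ("+  - `no` (default)" and "+  - `yes`") are indented two spaces, the same level as the variable bullets, while every other value list added in this hunk uses four spaces ("+    - `yes`"). As written, `no` and `yes` will render as sibling entries of the variable list instead of values nested under `shared_ip`; indent both lines to four spaces. Two smaller consistency points in the same hunk: `permit_empty_passwords` still ends up reading "Valid Values:" with a capital V, and `hardened_ssl` and `shared_ip` say only "Values:", whereas the other entries are normalized to "Valid values:". Also, entries such as `password_authentication` and `rhosts_rsa_authentication` keep the description on its own line below the variable name, while the reworked entries (`kerberos_orlocalpasswd`, `tcp_forwarding`, and so on) put it on the same line as the name; pick one layout for the whole list.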
