6 files changed, 25 insertions, 31 deletions

diff --git a/templates/sshd_config/CentOS.erb b/templates/sshd_config/CentOS.erb
index e1c8419..544effe 100644
--- a/templates/sshd_config/CentOS.erb
+++ b/templates/sshd_config/CentOS.erb
@@ -16,14 +16,12 @@
 
 # only protocol 2
 Protocol 2
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
diff --git a/templates/sshd_config/Debian_etch.erb b/templates/sshd_config/Debian_etch.erb
index 7a38cc4..d0d7175 100644
--- a/templates/sshd_config/Debian_etch.erb
+++ b/templates/sshd_config/Debian_etch.erb
@@ -6,14 +6,12 @@
 <%- end %>
 
 # What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
diff --git a/templates/sshd_config/Debian_lenny.erb b/templates/sshd_config/Debian_lenny.erb
index bdccec2..ea04fe6 100644
--- a/templates/sshd_config/Debian_lenny.erb
+++ b/templates/sshd_config/Debian_lenny.erb
@@ -6,14 +6,12 @@
 <%- end %>
 
 # What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
@@ -138,6 +136,9 @@ KeepAlive yes
 #Banner /etc/issue.net
 #ReverseMappingCheck yes
 
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
 <%- if sshd_sftp_subsystem.to_s.empty? then %>
 Subsystem	sftp	/usr/lib/openssh/sftp-server
 <%- else %>
diff --git a/templates/sshd_config/Debian_squeeze.erb b/templates/sshd_config/Debian_squeeze.erb
index d371ed1..09f4351 100644
--- a/templates/sshd_config/Debian_squeeze.erb
+++ b/templates/sshd_config/Debian_squeeze.erb
@@ -8,15 +8,14 @@
 <%- end %>
 
 # What ports, IPs and protocols we listen for
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
-<%- end %>
+<%- end -%>
+
 # Use these options to restrict which interfaces/protocols sshd will bind to
 <% for address in sshd_listen_address -%>
 ListenAddress <%= address %>
@@ -179,6 +178,8 @@ UsePAM yes
 UsePAM no
 <%- end -%>
 
+HostbasedUsesNameFromPacketOnly yes
+
 <%- if sshd_tcp_forwarding.to_s == 'yes' then -%>
 AllowTcpForwarding yes
 <%- else -%>
diff --git a/templates/sshd_config/Gentoo.erb b/templates/sshd_config/Gentoo.erb
index 2112f0d..768d3f5 100644
--- a/templates/sshd_config/Gentoo.erb
+++ b/templates/sshd_config/Gentoo.erb
@@ -14,14 +14,12 @@
 <%= sshd_head_additional_options %>
 <%- end %>
 
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
diff --git a/templates/sshd_config/OpenBSD.erb b/templates/sshd_config/OpenBSD.erb
index 69e8afa..51662d3 100644
--- a/templates/sshd_config/OpenBSD.erb
+++ b/templates/sshd_config/OpenBSD.erb
@@ -12,14 +12,12 @@
 <%= sshd_head_additional_options %>
 <%- end %>
 
-<%- unless sshd_port.to_s.empty? then -%>
-<%- if sshd_port.to_s == 'off' then -%>
+<%- sshd_ports.each do |port| -%>
+<%- if port.to_s == 'off' then -%>
 #Port -- disabled by puppet
 <% else -%>
-Port <%= sshd_port -%>
+Port <%= port %>
 <% end -%>
-<%- else -%>
-Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to