{{ ansible_managed | comment }}

Port {{ openssh_port }}
AddressFamily {{ openssh_address_family }}
{% for a in openssh_listen_addresses %}
ListenAddress {{ a }}
{% endfor %}

{% if openssh_hostkeys is defined %}
{% for hostkey in openssh_hostkeys %}
HostKey {{ hostkey }}
{% endfor %}
{% endif %}

{% if openssh_kexalgorithms is defined %}
KexAlgorithms {% for alg in openssh_kexalgorithms %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
{% endif %}

{% if openssh_ciphers is defined %}
Ciphers {% for alg in openssh_ciphers %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
{% endif %}

{% if openssh_macs is defined %}
MACs {% for alg in openssh_macs %}{{ alg }}{{ "," if not loop.last }}{% endfor %}
{% endif %}


AllowGroups {{ openssh_allow_groups }}
LoginGraceTime {{ openssh_login_grace_time }}
PermitRootLogin {{ openssh_permit_root_login }}
StrictModes {{ openssh_strict_modes }}
MaxAuthTries {{ openssh_max_auth_tries }}
MaxSessions {{ openssh_max_sessions }}

PubkeyAuthentication {{ openssh_pubkey_authentication }}
AuthorizedKeysFile {{ openssh_authorized_keys_file }}

HostbasedAuthentication {{ openssh_hostbased_authentication }}

PasswordAuthentication {{ openssh_password_authentication }}
PermitEmptyPasswords {{ openssh_permit_empty_passwords }}
ChallengeResponseAuthentication {{ openssh_challenge_response_authentication }}
KerberosAuthentication {{ openssh_kerberos_authentication }}
GSSAPIAuthentication {{ openssh_gssapi_authentication }}
UsePAM {{ openssh_use_pam }}

AllowAgentForwarding {{ openssh_allow_agent_forwarding }}
PermitTunnel {{ openssh_permit_tunnel }}

X11Forwarding {{ openssh_x11_forwarding }}
PrintMotd {{ openssh_print_motd }}

{% if openssh_banner == true %}
Banner {{ openssh_banner_file }}
{% endif %}

{% if openssh_permit_user_env == true %}
PermitUserEnvironment yes

{% for e in openssh_accept_env %}
AcceptEnv {{ e }}
{% endfor %}
{% else %}
PermitUserEnvironment no
{% endif %}

LogLevel {{ openssh_loglevel }}

{% if ansible_facts['os_family'] == 'RedHat' %}
Subsystem sftp	/usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
{% elif ansible_facts['os_family'] == 'Debian' %}
Subsystem sftp	/usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
{% endif %}