From 2e229681c7c63fba0c132ec4572538ba28e4e030 Mon Sep 17 00:00:00 2001
From: Mark Eggert
Date: Fri, 3 Jan 2014 00:11:17 -0600
Subject: [PATCH] Adding a small variable to the OpenSSH sshd_config file so that the service will work correctly on Centos 6.4 and earlier
---
 openssh/files/sshd_config | 4 ++++
 openssh/init.sls | 1 +
 2 files changed, 5 insertions(+)
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index b59c59c..1a9ed64 100644
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -102,7 +102,11 @@ PrintMotd no # pam does that
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
+{% if grains['os_family'] == 'RedHat' %}
+UsePrivilegeSeparation yes # RedHat/Centos 6.4 and earlier currently ship 5.3 (sandbox introduced in OpenSSH 5.9)
+{% else %}
 UsePrivilegeSeparation sandbox # Default for new installations.
+{% endif %}
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
diff --git a/openssh/init.sls b/openssh/init.sls
index 2acb85e..bff357d 100644
--- a/openssh/init.sls
+++ b/openssh/init.sls
@@ -29,6 +29,7 @@ sshd_config:
 file.managed:
 - name: /etc/ssh/sshd_config
 - source: salt://openssh/files/sshd_config
+ - template: jinja
 - user: root
 - mode: 600
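Review bot: In the openssh/files/sshd_config hunk, the `{% if grains['os_family'] == 'RedHat' %}` test selects `UsePrivilegeSeparation yes` for every RedHat-family minion, although the inline comment only justifies it for CentOS 6.4 and earlier, which ship OpenSSH 5.3. Any RedHat-family host running OpenSSH 5.9 or newer would lose the pre-authentication sandbox it could otherwise use, a hardening downgrade that happens silently. Narrowing the condition to the affected releases keeps `sandbox` everywhere else, for example `{% if grains['os_family'] == 'RedHat' and grains['osmajorrelease']|int <= 6 %}`. It is worth confirming that the `osmajorrelease` grain is populated on the Salt versions this formula supports before relying on it.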