From 468203094a9939775242d4d8d194bd605b2588c6 Mon Sep 17 00:00:00 2001
From: Richard Vodden <richard@humanisingautonomy.com>
Date: Tue, 4 Feb 2025 13:45:13 +0000
Subject: [PATCH] Ensure sshd_config syntax is correct if value is set for
 ssh_permit_tunnel

Signed-off-by: Richard Vodden <richard@humanisingautonomy.com>
---
 roles/ssh_hardening/templates/opensshd.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ssh_hardening/templates/opensshd.conf.j2 b/roles/ssh_hardening/templates/opensshd.conf.j2
index 4f2a9f508..67e117a50 100644
--- a/roles/ssh_hardening/templates/opensshd.conf.j2
+++ b/roles/ssh_hardening/templates/opensshd.conf.j2
@@ -206,7 +206,7 @@ ClientAliveInterval {{ ssh_client_alive_interval }}
 ClientAliveCountMax {{ ssh_client_alive_count }}
 
 # Disable tunneling
-PermitTunnel {{ ssh_permit_tunnel }}
+PermitTunnel {{ 'yes' if (ssh_permit_tunnel|bool) else 'no' }}
 
 # Disable forwarding tcp connections.
 # no real advantage without denied shell access