regenconf: Add a new ssh security setting to hide the banner

conf/ssh/sshd_config

@@ -64,7 +64,13 @@ PasswordAuthentication no
 {% endif %}
 
 # Post-login stuff
+# PLEASE: if you wish to hide the system name and version when attempting to connect to your server, run this command:
+# yunohost settings set security.ssh.ssh_banner -v no
+{% if banner == "False" %}
+#Banner none
+{% else %}
 Banner /etc/issue.net
+{% endif %}
 PrintMotd no
 PrintLastLog yes
 ClientAliveInterval 60

hooks/conf_regen/03-ssh

@@ -18,6 +18,7 @@ do_pre_regen() {
     export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
     export port="$(yunohost settings get 'security.ssh.ssh_port')"
     export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication' | int_to_bool)"
+    export banner="$(yunohost settings get 'security.ssh.ssh_banner')"
     export ssh_keys
     export ipv6_enabled
     ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"

share/config_global.toml

@@ -43,6 +43,10 @@ name = "Security"
         type = "boolean"
         default = true
 
+        [security.ssh.ssh_banner]
+        type = "boolean"
+        default = true
+
     [security.nginx]
     name = "NGINX (web server)"
         [security.nginx.nginx_redirect_to_https]