Resource Type: sshd_config

Defined in:
lib/puppet/type/sshd_config.rb
Providers:
augeas

Overview

Manages settings in an OpenSSH sshd_config file.

The resource name is used for the setting name, but if the ‘condition` is given, then the name can be something else and the `key` given as the name of the setting.

Subsystem entries are not managed by this type. There is a specific ‘sshd_config_subsystem` type to manage these entries.

Properties

  • comment

    Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not.

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • value

    Value to change the setting to. The follow parameters take an array of values:

    • AcceptEnv;

    • AllowGroups;

    • AllowUsers;

    • Ciphers;

    • DenyGroups;

    • DenyUsers;

    • Port;

    • KexAlgorithms;

    • MACs;

    • HostKeyAlgorithms.

    All other parameters take a string. When passing an array to other parameters, only the first value in the array will be considered.

Parameters

  • array_append (defaults to: false)

    Whether to add to existing array values or replace all values.

    Supported values:
    • false
    • true
  • condition

    Match group condition for the entry, in the format:

    sshd_config { 'PermitRootLogin':
  value     => 'without-password',
  condition => 'Host example.net',
}

    The value can contain multiple conditions, concatenated together with whitespace. This is used if the ‘Match` block has multiple criteria.

    condition => 'Host example.net User root'
  • key

    Overrides setting name to prevent resource conflicts if ‘condition` is given.

  • name (namevar)

    The name of the setting, or a unique string if ‘condition` given.

  • provider

    The specific backend to use for this ‘sshd_config` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • target

    The file in which to store the settings, defaults to ‘/etc/ssh/sshd_config`.