Puppet Class: ssh::server

Inherits:
ssh::params
Defined in:
manifests/server.pp

Overview

Class: ssh::server

Manage SSH on a system

Parameters:

ensure

What state to ensure for the package. Accepts the same values as the parameter of the same name for a package type. Default: present

ensure_running

Whether to ensure running sshd or not. Default: running

ensure_enabled

Whether to ensure that sshd is started on boot or not. Default: true

manage_config

Whether to manage sshd_config or not. Default: true

manage_hostkey

Wether to manage the hostkey or not. This is required for manage_known_hosts without storeconfig/puppetdb to work. Default: false

manage_known_hosts

Whether to manage a global known_hosts file or not. Default: true

config_template

Allows specifying what template is used for the sshd_config. Default: ‘ssh/sshd_config.erb’

permit_root_login

Whether to permit root login or not.

Valid values are: yes, no, without-password and forced-commands-only
listen_address

Define the address the sshd should listen on. Default: 0.0.0.0

Author:

Patrick Schoenfeld <patrick.schoenfeld@credativ.de>

Parameters:

  • ensure (Any) (defaults to: $ssh::params::ensure)
  • ensure_running (Any) (defaults to: $ssh::params::ensure_running)
  • ensure_enabled (Any) (defaults to: $ssh::params::ensure_enabled)
  • manage_config (Any) (defaults to: $ssh::params::manage_config)
  • manage_known_hosts (Any) (defaults to: $ssh::params::manage_known_hosts)
  • manage_hostkey (Any) (defaults to: $ssh::params::manage_hostkey)
  • config_template (Any) (defaults to: $ssh::params::config_template)
  • hostkey_name (Any) (defaults to: $ssh::params::hostkey_name)
  • hostaliases (Any) (defaults to: $ssh::params::hostaliases)
  • service_name (Any) (defaults to: $ssh::params::service_name)
  • permit_root_login (Any) (defaults to: $ssh::params::permit_root_login)
  • listen_address (Any) (defaults to: $ssh::params::listen_address)
  • options (Any) (defaults to: $ssh::params::options) 


49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'manifests/server.pp', line 49

class ssh::server (
    $ensure             = $ssh::params::ensure,
    $ensure_running     = $ssh::params::ensure_running,
    $ensure_enabled     = $ssh::params::ensure_enabled,
    $manage_config      = $ssh::params::manage_config,
    $manage_known_hosts = $ssh::params::manage_known_hosts,
    $manage_hostkey     = $ssh::params::manage_hostkey,
    $config_template    = $ssh::params::config_template,
    $hostkey_name       = $ssh::params::hostkey_name,
    $hostaliases        = $ssh::params::hostaliases,
    $service_name       = $ssh::params::service_name,
    $permit_root_login  = $ssh::params::permit_root_login,
    $listen_address     = $ssh::params::listen_address,
    $options            = $ssh::params::options,
    ) inherits ssh::params {

    validate_re($permit_root_login,
        ['yes', 'no', 'without-password', 'forced-commands-only']
    )

    package { 'openssh-server':
        ensure => $ensure
    }

    if $manage_config {
        file { '/etc/ssh/sshd_config':
            owner   => root,
            group   => root,
            mode    => '0644',
            notify  => Service[$service_name],
            require => Package['openssh-server'],
            content => template('ssh/sshd_config.erb')
        }
    }

    service { $service_name:
        ensure     => $ensure_running,
        enable     => $ensure_enabled,
        hasrestart => true,
        hasstatus  => true,
        require    => [
            File['/etc/ssh/sshd_config'],
            Package['openssh-server']
        ],
    }

    class { 'ssh::hostkey':
        manage_hostkey => $manage_hostkey,
        hostkey_name   => $hostkey_name,
        hostaliases    => $hostaliases,
    } ~>
    class { 'ssh::known_hosts':
        manage         => $manage_known_hosts,
        manage_hostkey => $manage_hostkey,
    }
}