Puppet Class: sys::ssh::params

Inherited by:
sys::ssh::config
sys::ssh::install
sys::ssh::service
sys::ssh::known_hosts
Defined in:
manifests/ssh/params.pp

Overview

Class: sys::ssh::params

Platform-dependent parameters for SSH.



# File 'manifests/ssh/params.pp', line 5

# Platform-dependent SSH parameters, selected by the $::osfamily fact.
#
# Depending on the branch taken, this class assigns:
#   $client, $server  - package names, or false where nothing is installed
#   $service          - service name, or false
#   $provider         - package provider (assigned on Solaris only)
#   $sftp_subsystem   - sftp-server path, or 'internal-sftp'
#   $use_pam          - boolean
#   $ecdsa, $ed25519  - booleans for the two key types
#   $sandbox          - assigned only on OpenBSD 5.0 and later
#   $ssh_config, $sshd_config, $etc_ssh, $known_hosts - file locations
#
# How these values are consumed is not visible here.
# NOTE(review): not every branch assigns every variable (see the notes below),
# so a consumer must tolerate unset values -- confirm.
class sys::ssh::params {
  case $::osfamily {
    darwin: {
      # Only the package variables are assigned on darwin.  $service,
      # $sftp_subsystem, $use_pam, $ecdsa and $ed25519 stay unset here.
      # NOTE(review): confirm consumers do not treat an unset $use_pam or
      # key-type flag as a deliberate setting.
      $client = false
      $server = false
    }
    openbsd: {
      # Installed by default on OpenBSD
      $client = false
      $server = false
      $sftp_subsystem = '/usr/libexec/sftp-server'
      $use_pam = false

      # The key-type and sandbox flags are gated on $::kernelmajversion.
      # NOTE(review): $sandbox has no `false` assignment in the else branch,
      # unlike $ecdsa, so it is unset rather than false before 5.0 -- confirm
      # that is intended.
      if versioncmp($::kernelmajversion, '5.0') >= 0 {
        $ecdsa = true
        $sandbox = true
      } else {
        $ecdsa = false
      }

      if versioncmp($::kernelmajversion, '5.5') >= 0 {
        $ed25519 = true
      } else {
        $ed25519 = false
      }

      # The service name is set from 5.7 on; earlier releases get false.
      if versioncmp($::kernelmajversion, '5.7') >= 0 {
        $service = 'sshd'
      } else {
        $service = false
      }
    }
    solaris: {
      # Abort catalog compilation on releases older than 5.11.
      # NOTE(review): this is a plain `<` on two strings, not versioncmp() as
      # used elsewhere in this class.  How a value such as '5.9' or an
      # '11.x'-style release compares with '5.11' depends on the parser's
      # string/number comparison rules and on the format the fact reports --
      # confirm the guard rejects and admits the releases intended.
      if $::operatingsystemrelease < '5.11' {
        fail("SSH module supported only on Solaris 5.11 and above.\n")
      }
      $client = 'network/ssh'
      $server = 'service/network/ssh'
      $provider = 'pkg'
      $service = 'svc:/network/ssh:default'
      $sftp_subsystem = 'internal-sftp'
      $use_pam = false
      # Both key types are switched off unconditionally on Solaris.
      $ecdsa = false
      $ed25519 = false
    }
    debian: {
      # Minimum major release per key type; Ubuntu and other Debian-family
      # systems use different numbering.
      if $::operatingsystem == 'Ubuntu' {
        $ecdsa_compare = '12'
        $ed25519_compare = '14'
      } else {
        $ecdsa_compare = '7'
        $ed25519_compare = '7'
      }

      # Facter 2.2+ changed lsbmajdistrelease fact, e.g., now returns
      # '12.04' instead of '12' on Ubuntu precise.
      # The substitution keeps only the leading digits.
      # NOTE(review): if the fact is empty or does not start with a digit,
      # the pattern does not match and the value is presumably passed through
      # unchanged, so both key-type flags would likely end up false --
      # confirm the fact is always present on managed hosts.
      $lsb_major_release = regsubst($::lsbmajdistrelease, '^(\d+).*', '\1')

      # ECDSA supported in Ubuntu 12.04 / Debian 7 and up.
      if versioncmp($lsb_major_release, $ecdsa_compare) >= 0 {
        $ecdsa = true
      } else {
        $ecdsa = false
      }

      # Ed25519 supported in Ubuntu 14.04 / Debian 7 and up.
      if versioncmp($lsb_major_release, $ed25519_compare) >= 0 {
        $ed25519 = true
      } else {
        $ed25519 = false
      }

      $client = 'openssh-client'
      $server = 'openssh-server'
      $service = 'ssh'
      $sftp_subsystem = '/usr/lib/openssh/sftp-server'
      # Necessary for motd (seriously) to work.
      $use_pam = true
    }
    redhat: {
      $client = 'openssh-clients'
      $server = 'openssh-server'
      $service = 'sshd'
      $sftp_subsystem = '/usr/libexec/openssh/sftp-server'
      $use_pam = true
      # Both key types are off for every RedHat-family release; there is no
      # version gate here as there is for debian and openbsd.
      # NOTE(review): confirm this still matches the OpenSSH shipped on the
      # releases being managed.
      $ecdsa = false
      $ed25519 = false
    }
    default: {
      # Any other osfamily stops catalog compilation rather than falling
      # through with unset SSH parameters.
      fail("The SSH module is not supported on ${::osfamily}.\n")
    }
  }

  # Configuration file locations.  Macs are the special snowflake here.
  case $::osfamily {
    darwin: {
      $ssh_config  = '/etc/ssh_config'
      $sshd_config = '/etc/sshd_config'
    }
    default: {
      $ssh_config  = '/etc/ssh/ssh_config'
      $sshd_config = '/etc/ssh/sshd_config'
    }
  }

  # Global known hosts should be same across all platforms (except
  # Cygwin, which is another story).
  # $etc_ssh is not platform-switched, so on darwin the known-hosts path is
  # under /etc/ssh even though the two config files above sit directly in
  # /etc.
  $etc_ssh = '/etc/ssh'
  $known_hosts = "${etc_ssh}/ssh_known_hosts"
}