ssh

Build Status Code Coverage Puppet Forge Puppet Forge - downloads Puppet Forge - endorsement Puppet Forge - scores

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with ssh
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

This module installs, configures and manages the SSH service.

Module Description

This module handles installing, configuring and running SSH across a range of operating systems and distributions.

Setup

What ssh affects

  • ssh package.
  • ssh configuration file.
  • ssh service.

Setup Requirements

Beginning with ssh

Install ssh with the default parameters (No configuration files will be changed).

    class { 'ssh': }

Install ssh with the recommended parameters.

    class { 'ssh':
      config_file_template => "ssh/${::lsbdistcodename}/etc/ssh/sshd_config.erb",
    }

Usage

Update the ssh package.

    class { 'ssh':
      package_ensure => 'latest',
    }

Remove the ssh package.

    class { 'ssh':
      package_ensure => 'absent',
    }

Purge the ssh package (All configuration files will be removed).

    class { 'ssh':
      package_ensure => 'purged',
    }

Deploy the configuration files from source directory.

    class { 'ssh':
      config_dir_source => "puppet:///modules/ssh/${::lsbdistcodename}/etc/ssh",
    }

Deploy the configuration files from source directory (Unmanaged configuration files will be removed).

    class { 'ssh':
      config_dir_purge  => true,
      config_dir_source => "puppet:///modules/ssh/${::lsbdistcodename}/etc/ssh",
    }

Deploy the configuration file from source.

    class { 'ssh':
      config_file_source => "puppet:///modules/ssh/${::lsbdistcodename}/etc/ssh/sshd_config",
    }

Deploy the configuration file from string.

    class { 'ssh':
      config_file_string => '# THIS FILE IS MANAGED BY PUPPET',
    }

Deploy the configuration file from template.

    class { 'ssh':
      config_file_template => "ssh/${::lsbdistcodename}/etc/ssh/sshd_config.erb",
    }

Deploy the configuration file from custom template (Additional parameters can be defined).

    class { 'ssh':
      config_file_template     => "ssh/${::lsbdistcodename}/etc/ssh/sshd_config.erb",
      config_file_options_hash => {
        'key' => 'value',
      },
    }

Deploy additional configuration files from source, string or template.

    class { 'ssh':
      config_file_hash => {
        'ssh.2nd.conf' => {
          config_file_path   => '/etc/ssh/ssh.2nd.conf',
          config_file_source => "puppet:///modules/ssh/${::lsbdistcodename}/etc/ssh/ssh.2nd.conf",
        },
        'ssh.3rd.conf' => {
          config_file_path   => '/etc/ssh/ssh.3rd.conf',
          config_file_string => '# THIS FILE IS MANAGED BY PUPPET',
        },
        'ssh.4th.conf' => {
          config_file_path     => '/etc/ssh/ssh.4th.conf',
          config_file_template => "ssh/${::lsbdistcodename}/etc/ssh/ssh.4th.conf.erb",
        },
      },
    }

Disable the ssh service.

    class { 'ssh':
      service_ensure => 'stopped',
    }

Reference

Classes

Public Classes

  • ssh: Main class, includes all other classes.

Private Classes

  • ssh::install: Handles the packages.
  • ssh::config: Handles the configuration file.
  • ssh::service: Handles the service.

Parameters

package_ensure

Determines if the package should be installed. Valid values are 'present', 'latest', 'absent' and 'purged'. Defaults to 'present'.

package_name

Determines the name of package to manage. Defaults to 'openssh-server'.

package_list

Determines if additional packages should be managed. Defaults to 'undef'.

config_dir_ensure

Determines if the configuration directory should be present. Valid values are 'absent' and 'directory'. Defaults to 'directory'.

config_dir_path

Determines if the configuration directory should be managed. Defaults to '/etc/ssh'

config_dir_purge

Determines if unmanaged configuration files should be removed. Valid values are 'true' and 'false'. Defaults to 'false'.

config_dir_recurse

Determines if the configuration directory should be recursively managed. Valid values are 'true' and 'false'. Defaults to 'true'.

config_dir_source

Determines the source of a configuration directory. Defaults to 'undef'.

config_file_ensure

Determines if the configuration file should be present. Valid values are 'absent' and 'present'. Defaults to 'present'.

config_file_path

Determines if the configuration file should be managed. Defaults to '/etc/ssh/sshd_config'

config_file_owner

Determines which user should own the configuration file. Defaults to 'root'.

config_file_group

Determines which group should own the configuration file. Defaults to 'root'.

config_file_mode

Determines the desired permissions mode of the configuration file. Defaults to '0644'.

config_file_source

Determines the source of a configuration file. Defaults to 'undef'.

config_file_string

Determines the content of a configuration file. Defaults to 'undef'.

config_file_template

Determines the content of a configuration file. Defaults to 'undef'.

config_file_notify

Determines if the service should be restarted after configuration changes. Defaults to 'Service[ssh]'.

config_file_require

Determines which package a configuration file depends on. Defaults to 'Package[openssh-server]'.

config_file_hash

Determines which configuration files should be managed via ssh::define. Defaults to '{}'.

config_file_options_hash

Determines which parameters should be passed to an ERB template. Defaults to '{}'.

service_ensure

Determines if the service should be running or not. Valid values are 'running' and 'stopped'. Defaults to 'running'.

service_name

Determines the name of service to manage. Defaults to 'ssh'.

service_enable

Determines if the service should be enabled at boot. Valid values are 'true' and 'false'. Defaults to 'true'.

allow_groups

Determines which groups are allowed to login. Defaults to '[]'.

allow_users

Determines which users are allowed to login. Defaults to '[]'.

deny_groups

Determines which groups are not allowed to login. Defaults to '[]'.

deny_users

Determines which users are not allowed to login. Defaults to '[]'.

password_authentication

Determines if password authentication is allowed. Valid values are 'yes' and 'no'. Defaults to 'yes'.

permit_root_login

Determines if user root is allowed to login. Valid values are 'yes' and 'no'. Defaults to 'no'.

pubkey_authentication

Determines if public key authentication is allowed. Valid values are 'yes' and 'no'. Defaults to 'yes'.

use_dns

Determines if the remote hostname should be resolved. Valid values are 'yes' and 'no'. Defaults to 'yes'.

use_pam

Determines if the Pluggable Authentication Module should be enabled. Valid values are 'yes' and 'no'. Defaults to 'yes'.

Limitations

This module has been tested on:

  • Debian 6/7/8
  • Ubuntu 12.04/14.04

Development

Bug Report

If you find a bug, have trouble following the documentation or have a question about this module - please create an issue.

Pull Request

If you are able to patch the bug or add the feature yourself - please make a pull request.

Contributors

The list of contributors can be found at: https://github.com/dhoppe/puppet-ssh/graphs/contributors