Puppet Class: ssh::client

Defined in:
manifests/client.pp

Overview

Class: ssh::client

Class to install and configure the ssh client.

Parameters

host

A hash of hashes for each ‘Host’ section to be defined in the global ssh_config file.

All configuration options are available for use in the global ssh_config file. This class does not manage user specific ~/.ssh/config files.

Variables

bsd_pkg_path

The PKG_PATH setting for *BSD operating systems. This value is used for the ‘source’ attribute of the ‘package’ resource.

ssh_config

Full path to the ssh_config file

Example

class { 'ssh::client': }

class { 'ssh::client':
    host => {
        "*.${domain}" => {
            'forwardx11'             => true,
            'forwardx11trusted'      => true,
            'passwordauthentication' => false,
            'port'                   => 2242,
            'protocol'               => 2,
            'sendenv'                => [
                'LANG', 'LC_CTYPE', 'LC_NUMERIC', 'LC_TIME', 'LC_COLLATE',
                'LC_MONETARY', 'LC_MESSAGES', 'LC_PAPER', 'LC_NAME',
                'LC_ADDRESS', 'LC_TELEPHONE', 'LC_MEASUREMENT',
                'LC_IDENTIFICATION', 'LC_ALL'
            ],
            'stricthostkeychecking'  => true,
        },
    }
}
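How a `host` hash like the one above could end up as `Host` sections, as an added Ruby example (not the module's own template, which this page does not show). The `ssh_value` and `render_ssh_config` helpers and the `example.org` sample are assumptions; a bare `*` pattern is emitted last because ssh uses the first value it obtains for each option.

```ruby
# Added example: NOT the module's template. Renders a 'host' hash of hashes
# into ssh_config text the way an ERB template could (hypothetical helpers).

# Convert a Puppet-style value to ssh_config syntax.
def ssh_value(value)
  case value
  when true  then 'yes'
  when false then 'no'
  when Array then value.join(' ')   # e.g. sendenv takes a space-separated list
  else value.to_s
  end
end

# Render each Host section. ssh keeps the first value it obtains for an
# option, so the catch-all '*' pattern is emitted after every other pattern.
def render_ssh_config(hosts)
  ordered = hosts.keys.sort_by { |pattern| [pattern == '*' ? 1 : 0, pattern] }
  ordered.map do |pattern|
    lines = ["Host #{pattern}"]
    hosts[pattern].sort.each do |option, value|
      lines << "    #{option} #{ssh_value(value)}"
    end
    lines.join("\n")
  end.join("\n\n") + "\n"
end

# Constructed sample input, modelled on the example above.
SAMPLE_HOSTS = {
  '*' => { 'stricthostkeychecking' => true },
  '*.example.org' => {
    'passwordauthentication' => false,
    'port'                   => 2242,
    'sendenv'                => %w[LANG LC_ALL],
  },
}.freeze

puts render_ssh_config(SAMPLE_HOSTS) if __FILE__ == $PROGRAM_NAME
```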

Supported Operating Systems

Primary development is done on Debian and then validated
against other operating systems.  The current list of
supported operating systems is:

* CentOS
* Debian
* Fedora
* FreeBSD
* OpenSUSE
* OpenBSD
* RedHat
* SLES
* Ubuntu

Authors

Bennett Samowich <bennett@foolean.org>
Copyright (c) 2013 Foolean.org

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Parameters:

  • host (Any) (defaults to: false)


# File 'manifests/client.pp', line 82

class ssh::client (
    $host = false
) {
    include ssh

    # Dummy package for the purpose of controlling flow since the actual
    # package name will ultimately be dynamic.
    package { 'ssh-client-package': ensure => 'absent' }

    # The package names can be different depending on the operating system.
    # In some cases, such as OpenBSD, SSH is included as part of the base
    # installation.  We still want other SSH related resources to 'require'
    # the package.  In order to keep things consistent we use a dummy package
    # for OpenBSD and specify 'ensure => absent', which should always return
    # success.
    case $::operatingsystem {
        'centos': {
            include ssh::package::openssh-clients
            $ok = true
        }
        'debian','fedora','redhat','ubuntu': {
            class { 'ssh::package::openssh-client': }
            $ok = true
        }

        # It may feel like a kludge but it works quite well as SSH is included
        # in the OpenBSD and FreeBSD operating systems and doesn't require an
        # actual package.
        'freebsd','openbsd': {
            $ok = true
        }

        'opensuse','sles': {
            include ssh::package::openssh
            $ok = true
        }

        default: {
            notify { "ssh_client_package_${::operatingsystem}_unknown":
                loglevel => 'alert',
                message  => "Unknown OS '${::operatingsystem}', skipping package install",
            }
            $ok = false
        }
    }

    if $ok {
        # Path to the ssh_config file
        $ssh_config = $::operatingsystem ? {
            default => '/etc/ssh/ssh_config',
        }

        # Path to the ssh_known_hosts file
        $ssh_known_hosts = $::operatingsystem ? {
            default => '/etc/ssh/ssh_known_hosts',
        }

        # Set permissions on the /etc/ssh directory
        file { '/etc/ssh':
            ensure  => 'directory',
            mode    => '0755',
            owner   => $ssh::user,
            group   => $ssh::group,
            require => Package['ssh-client-package'],
        }

        # Copy the /etc/ssh/ssh_config file
        file { $ssh_config:
            mode    => '0444',
            owner   => $ssh::user,
            group   => $ssh::group,
            content => template( "${module_name}/${ssh_config}" ),
            require => Package['ssh-client-package'],
        }

        # Copy the ssh_known_hosts file if it exists in the private area
        $known_hosts = file(
            "${ssh::site_private_path}/${ssh_known_hosts}",
            "${settings::vardir}/private/${::fqdn}/${ssh_known_hosts}",
            "${settings::vardir}/hosts/${::fqdn}/${ssh_known_hosts}",
            "${settings::vardir}/nodefile/${::fqdn}/${ssh_known_hosts}",
            "${settings::vardir}/dist/${::fqdn}/${ssh_known_hosts}",
            '/dev/null'
        )
        if ( $known_hosts ) {
            file { $ssh_known_hosts:
                mode    => '0444',
                owner   => $ssh::user,
                group   => $ssh::group,
                content => inline_template( $known_hosts ),
            }
        } else {
            file { $ssh_known_hosts:
                ensure  => 'present',
                mode    => '0444',
                owner   => $ssh::user,
                group   => $ssh::group,
            }
        }
    }
}