Puppet Class: ssh::client::params

Defined in:
manifests/client/params.pp

Summary

Default parameters for the SSH client

Overview

Author:



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'manifests/client/params.pp', line 5

class ssh::client::params {
  $_fallback_macs = [ 'hmac-sha1' ]
  $_fallback_ciphers = [
    'aes256-ctr',
    'aes192-ctr',
    'aes128-ctr'
  ]

  $fips_macs = [
    'hmac-sha2-256',
    'hmac-sha1'
  ]
  $fips_ciphers = [
    'aes256-ctr',
    'aes192-ctr',
    'aes128-ctr'
  ]

  # FIPS mode not enabled, stay within the bounds but expand the options
  $macs = [
    'hmac-sha2-512-etm@openssh.com',
    'hmac-sha2-256-etm@openssh.com',
    'hmac-sha2-512',
    'hmac-sha2-256'
  ]
  $ciphers = [
    'aes256-gcm@openssh.com',
    'aes128-gcm@openssh.com',
    'aes256-ctr',
    'aes192-ctr',
    'aes128-ctr'
  ]

  # If the host is configured to use IPA, enable this setting
  if $facts['ipa'] {
    $gssapiauthentication = true
  }
  else {
    $gssapiauthentication = false
  }
}