Reference

Classes

ssh: Class to manage SSH client
ssh::server: Class to manage SSH server

Defined types

ssh::config_entry: Create config entries in a users' ~/.ssh/config

Classes

ssh

Notes: Match and Host attributes are not directly supported as multiple match/host blocks can exist. Use the custom parameter for that.

Parameters

The following parameters are available in the ssh class.

`packages`

Data type: Variant[String[1], Array[String[1]]]

Default value: ‘openssh-clients’

`package_source`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`package_adminfile`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`config_path`

Data type: Stdlib::Absolutepath

Default value: ‘/etc/ssh/ssh_config’

`config_owner`

Data type: String[1]

Default value: ‘root’

`config_group`

Data type: String[1]

Default value: ‘root’

`config_mode`

Data type: Stdlib::Filemode

Default value: ‘0644’

`global_known_hosts`

Data type: Stdlib::Absolutepath

Default value: ‘/etc/ssh/ssh_known_hosts’

`global_known_hosts_owner`

Data type: String[1]

Default value: ‘root’

`global_known_hosts_group`

Data type: String[1]

Default value: ‘root’

`global_known_hosts_mode`

Data type: Stdlib::Filemode

Default value: ‘0644’

`manage_root_ssh_config`

Data type: Boolean

Default value: false

`root_ssh_config_content`

Data type: String[1]

Default value: “# This file is being maintained by Puppet.\n# DO NOT EDIT\n”

`manage_server`

Data type: Boolean

Default value: true

`key_export`

Data type: Boolean

Default value: false

`purge_keys`

Data type: Boolean

Default value: true

`ssh_key_ensure`

Data type: Enum['present', 'absent']

Default value: ‘present’

`ssh_key_import`

Data type: Boolean

Default value: false

`ssh_key_type`

Data type: Ssh::Key::Type

Default value: ‘ssh-rsa’

`keys`

Data type: Hash

Default value: undef

`config_entries`

Data type: Hash

Default value: {}

`host`

Data type: String[1]

Default value: ‘*’

`add_keys_to_agent`

Data type: Optional[Enum['yes', 'no', 'ask', 'confirm']]

Default value: undef

`address_family`

Data type: Optional[Enum['any', 'inet', 'inet6']]

Default value: undef

`batch_mode`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`bind_address`

Data type: Optional[String[1]]

Default value: undef

`bind_interface`

Data type: Optional[String[1]]

Default value: undef

`canonical_domains`

Data type: Optional[Array[String[1]]]

Default value: undef

`canonicalize_fallback_local`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`canonicalize_hostname`

Data type: Optional[Enum['yes', 'no', 'always']]

Default value: undef

`canonicalize_max_dots`

Data type: Optional[Integer[0]]

Default value: undef

`canonicalize_permitted_cnames`

Data type: Optional[Array[String[1]]]

Default value: undef

`ca_signature_algorithms`

Data type: Optional[Array[String[1]]]

Default value: undef

`certificate_file`

Data type: Optional[Array[String[1]]]

Default value: undef

`challenge_response_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`check_host_ip`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`ciphers`

Data type: Optional[Array[String[1]]]

Default value: undef

`clear_all_forwardings`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`compression`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`connection_attempts`

Data type: Optional[Integer[0]]

Default value: undef

`connect_timeout`

Data type: Optional[Integer[0]]

Default value: undef

`control_master`

Data type: Optional[Enum['yes', 'no', 'ask', 'auto', 'autoask']]

Default value: undef

`control_path`

Data type: Optional[String[1]]

Default value: undef

`control_persist`

Data type: Optional[String[1]]

Default value: undef

`dynamic_forward`

Data type: Optional[String[1]]

Default value: undef

`enable_ssh_keysign`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`escape_char`

Data type: Optional[String[1]]

Default value: undef

`exit_on_forward_failure`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`fingerprint_hash`

Data type: Optional[Enum['sha256', 'md5']]

Default value: undef

`forward_agent`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`forward_x11`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`forward_x11_timeout`

Data type: Variant[Undef, String[1], Integer[0]]

Default value: undef

`forward_x11_trusted`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`gateway_ports`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`global_known_hosts_file`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`gss_api_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`gss_api_delegate_credentials`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`hash_known_hosts`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`hostbased_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`hostbased_key_types`

Data type: Optional[Array[String[1]]]

Default value: undef

`host_key_algorithms`

Data type: Optional[Array[String[1]]]

Default value: undef

`host_key_alias`

Data type: Optional[String[1]]

Default value: undef

`host_name`

Data type: Optional[String[1]]

Default value: undef

`identities_only`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`identity_agent`

Data type: Optional[String[1]]

Default value: undef

`identity_file`

Data type: Optional[Array[String[1]]]

Default value: undef

`ignore_unknown`

Data type: Optional[Array[String[1]]]

Default value: undef

`include`

Data type: Optional[String[1]]

Default value: undef

`ip_qos`

Data type: Optional[String[1]]

Default value: undef

`kbd_interactive_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`kbd_interactive_devices`

Data type: Optional[Array[String[1]]]

Default value: undef

`kex_algorithms`

Data type: Optional[Array[String[1]]]

Default value: undef

`local_command`

Data type: Optional[String[1]]

Default value: undef

`local_forward`

Data type: Optional[String[1]]

Default value: undef

`log_level`

Data type: Optional[Ssh::Log_level]

Default value: undef

`no_host_authentication_for_localhost`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`number_of_password_prompts`

Data type: Optional[Integer]

Default value: undef

`password_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`permit_local_command`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`pkcs11_provider`

Data type: Optional[String[1]]

Default value: undef

`port`

Data type: Optional[Stdlib::Port]

Default value: undef

`preferred_authentications`

Data type: Optional[Array[String[1]]]

Default value: undef

`proxy_command`

Data type: Optional[String[1]]

Default value: undef

`proxy_jump`

Data type: Optional[Array[String[1]]]

Default value: undef

`proxy_use_fdpass`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`pubkey_accepted_key_types`

Data type: Optional[Array[String[1]]]

Default value: undef

`pubkey_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`rekey_limit`

Data type: Optional[String[1]]

Default value: undef

`remote_command`

Data type: Optional[String[1]]

Default value: undef

`remote_forward`

Data type: Optional[String[1]]

Default value: undef

`request_tty`

Data type: Optional[Enum['no', 'yes', 'force', 'auto']]

Default value: undef

`revoked_host_keys`

Data type: Optional[String[1]]

Default value: undef

`send_env`

Data type: Optional[Array[String[1]]]

Default value: undef

`server_alive_count_max`

Data type: Variant[Undef, String[1], Integer[0]]

Default value: undef

`server_alive_interval`

Data type: Variant[Undef, String[1], Integer[0]]

Default value: undef

`set_env`

Data type: Optional[Array[String[1]]]

Default value: undef

`stream_local_bind_mask`

Data type: Optional[Pattern[/^[0-7]{4}$/]]

Default value: undef

`stream_local_bind_unlink`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`strict_host_key_checking`

Data type: Optional[Enum['yes', 'no', 'accept-new', 'off', 'ask']]

Default value: undef

`syslog_facility`

Data type: Optional[Ssh::Syslog_facility]

Default value: undef

`tcp_keep_alive`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`tunnel`

Data type: Optional[Enum['yes', 'no', 'point-to-point', 'ethernet']]

Default value: undef

`tunnel_device`

Data type: Optional[String[1]]

Default value: undef

`update_host_keys`

Data type: Optional[Enum['yes', 'no', 'ask']]

Default value: undef

`user`

Data type: Optional[String[1]]

Default value: undef

`user_known_hosts_file`

Data type: Optional[Array[String[1]]]

Default value: undef

`verify_host_key_dns`

Data type: Optional[Enum['yes', 'no', 'ask']]

Default value: undef

`visual_host_key`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`xauth_location`

Data type: Optional[String[1]]

Default value: undef

`custom`

Data type: Optional[String[1]]

Default value: undef

ssh::server

Notes: Match attribute is not directly supported as multiple match blocks can exist. Use the custom parameter for that.

Parameters

The following parameters are available in the ssh::server class.

`packages`

Data type: Variant[String[1], Array[String[1]]]

Default value: ‘openssh-server’

`package_source`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`package_adminfile`

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

`config_path`

Data type: Stdlib::Absolutepath

Default value: ‘/etc/ssh/sshd_config’

`config_owner`

Data type: String[1]

Default value: ‘root’

`config_group`

Data type: String[1]

Default value: ‘root’

`config_mode`

Data type: Stdlib::Filemode

Default value: ‘0600’

`banner_path`

Data type: Stdlib::Absolutepath

Default value: ‘/etc/sshd_banner’

`banner_content`

Data type: Optional[String[1]]

Default value: undef

`banner_owner`

Data type: String[1]

Default value: ‘root’

`banner_group`

Data type: String[1]

Default value: ‘root’

`banner_mode`

Data type: Stdlib::Filemode

Default value: ‘0644’

`manage_service`

Data type: Boolean

Default value: true

`service_ensure`

Data type: Stdlib::Ensure::Service

Default value: ‘running’

`service_name`

Data type: String[1]

Default value: ‘sshd’

`service_enable`

Data type: Boolean

Default value: true

`service_hasrestart`

Data type: Boolean

Default value: true

`service_hasstatus`

Data type: Boolean

Default value: true

`accept_env`

Data type: Optional[Array[String[1]]]

Default value: undef

`address_family`

Data type: Optional[Enum['any', 'inet', 'inet6']]

Default value: undef

`allow_agent_forwarding`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`allow_groups`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`allow_stream_local_forwarding`

Data type: Optional[Enum['yes', 'all', 'no', 'local', 'remote']]

Default value: undef

`allow_tcp_forwarding`

Data type: Optional[Enum['yes', 'no', 'local', 'remote']]

Default value: undef

`allow_users`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`authentication_methods`

Data type: Optional[Array[String[1]]]

Default value: undef

`authorized_keys_command`

Data type: Optional[String[1]]

Default value: undef

`authorized_keys_command_user`

Data type: Optional[String[1]]

Default value: undef

`authorized_keys_file`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`authorized_principals_command`

Data type: Optional[String[1]]

Default value: undef

`authorized_principals_command_user`

Data type: Optional[String[1]]

Default value: undef

`authorized_principals_file`

Data type: Optional[String[1]]

Default value: undef

`banner`

Data type: Optional[String[1]]

Default value: undef

`ca_signature_algorithms`

Data type: Optional[Array[String[1]]]

Default value: undef

`challenge_response_authentication`

Data type: Optional[String[1]]

Default value: undef

`chroot_directory`

Data type: Optional[String[1]]

Default value: undef

`ciphers`

Data type: Optional[Array[String[1]]]

Default value: undef

`client_alive_count_max`

Data type: Optional[Integer[0]]

Default value: undef

`client_alive_interval`

Data type: Optional[Integer[0]]

Default value: undef

`compression`

Data type: Optional[Enum['yes', 'delayed', 'no']]

Default value: undef

`deny_groups`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`deny_users`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`disable_forwarding`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`expose_auth_info`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`fingerprint_hash`

Data type: Optional[Enum['md5', 'sha256']]

Default value: undef

`force_command`

Data type: Optional[String[1]]

Default value: undef

`gateway_ports`

Data type: Optional[Enum['no', 'yes', 'clientspecified']]

Default value: undef

`gss_api_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`gss_api_cleanup_credentials`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`gss_api_strict_acceptor_check`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`hostbased_accepted_key_types`

Data type: Optional[Array[String[1]]]

Default value: undef

`hostbased_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`hostbased_uses_name_from_packet_only`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`host_certificate`

Data type: Optional[String[1]]

Default value: undef

`host_key`

Data type: Optional[Array[String[1]]]

Default value: undef

`host_key_agent`

Data type: Optional[String[1]]

Default value: undef

`host_key_algorithms`

Data type: Optional[Array[String[1]]]

Default value: undef

`ignore_rhosts`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`ignore_user_known_hosts`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`ip_qos`

Data type: Optional[String[1]]

Default value: undef

`kbd_interactive_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`kerberos_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`kerberos_get_afs_token`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`kerberos_or_local_passwd`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`kerberos_ticket_cleanup`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`kex_algorithms`

Data type: Optional[Array[String[1]]]

Default value: undef

`listen_address`

Data type: Optional[Array[String[1]]]

Default value: undef

`login_grace_time`

Data type: Optional[Integer[0]]

Default value: undef

`log_level`

Data type: Optional[Ssh::Log_level]

Default value: undef

`macs`

Data type: Optional[Array[String[1]]]

Default value: undef

`max_auth_tries`

Data type: Optional[Integer[2]]

Default value: undef

`max_sessions`

Data type: Optional[Integer[0]]

Default value: undef

`max_startups`

Data type: Optional[String[1]]

Default value: undef

`password_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`permit_empty_passwords`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`permit_listen`

Data type: Variant[Undef, String[1], Array[String[1]]]

Default value: undef

`permit_root_login`

Data type: Optional[Ssh::Permit_root_login]

Default value: undef

`permit_tty`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`permit_tunnel`

Data type: Optional[Enum['yes', 'point-to-point', 'ethernet', 'no']]

Default value: undef

`permit_user_environment`

Data type: Optional[String[1]]

Default value: undef

`permit_user_rc`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`pid_file`

Data type: Optional[String[1]]

Default value: undef

`port`

Data type: Optional[Stdlib::Port]

Default value: undef

`print_last_log`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`print_motd`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`pubkey_accepted_key_types`

Data type: Optional[Array[String[1]]]

Default value: undef

`pubkey_authentication`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`rekey_limit`

Data type: Optional[String[1]]

Default value: undef

`revoked_keys`

Data type: Optional[String[1]]

Default value: undef

`rdomain`

Data type: Optional[String[1]]

Default value: undef

`set_env`

Data type: Optional[String[1]]

Default value: undef

`stream_local_bind_mask`

Data type: Optional[Pattern[/^[0-7]{4}$/]]

Default value: undef

`stream_local_bind_unlink`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`strict_modes`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`subsystem`

Data type: Optional[String[1]]

Default value: undef

`syslog_facility`

Data type: Optional[Ssh::Syslog_facility]

Default value: undef

`tcp_keep_alive`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`trusted_user_ca_keys`

Data type: Optional[String[1]]

Default value: undef

`use_dns`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`use_pam`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`version_addendum`

Data type: Optional[String[1]]

Default value: undef

`x11_display_offset`

Data type: Optional[Integer[0]]

Default value: undef

`x11_forwarding`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`x11_use_localhost`

Data type: Optional[Ssh::Yes_no]

Default value: undef

`xauth_location`

Data type: Optional[String[1]]

Default value: undef

`custom`

Data type: Optional[String[1]]

Default value: undef

Defined types

ssh::config_entry

Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.

Parameters

The following parameters are available in the ssh::config_entry defined type.

`owner`

Data type: String[1]

`group`

Data type: String[1]

`path`

Data type: Stdlib::Absolutepath

`host`

Data type: String[1]

`order`

Data type: Integer[0]

Default value: 10

`ensure`

Data type: Enum['present','absent']

Default value: ‘present’

`lines`

Data type: Array[String]

Default value: []

Reference

Table of Contents

Classes

ssh

Parameters

packages

package_source

package_adminfile

config_path

config_owner

config_group

config_mode

global_known_hosts

global_known_hosts_owner

global_known_hosts_group

global_known_hosts_mode

manage_root_ssh_config

root_ssh_config_content

manage_server

key_export

purge_keys

ssh_key_ensure

ssh_key_import

ssh_key_type

keys

config_entries

host

add_keys_to_agent

address_family

batch_mode

bind_address

bind_interface

canonical_domains

canonicalize_fallback_local

canonicalize_hostname

canonicalize_max_dots

canonicalize_permitted_cnames

ca_signature_algorithms

certificate_file

challenge_response_authentication

check_host_ip

ciphers

clear_all_forwardings

compression

connection_attempts

connect_timeout

control_master

control_path

control_persist

dynamic_forward

enable_ssh_keysign

escape_char

exit_on_forward_failure

fingerprint_hash

forward_agent

forward_x11

forward_x11_timeout

forward_x11_trusted

gateway_ports

global_known_hosts_file

gss_api_authentication

gss_api_delegate_credentials

hash_known_hosts

hostbased_authentication

hostbased_key_types

host_key_algorithms

host_key_alias

host_name

identities_only

identity_agent

identity_file

ignore_unknown

include

ip_qos

kbd_interactive_authentication

kbd_interactive_devices

kex_algorithms

local_command

local_forward

log_level

`packages`

`package_source`

`package_adminfile`

`config_path`

`config_owner`

`config_group`

`config_mode`

`global_known_hosts`

`global_known_hosts_owner`

`global_known_hosts_group`

`global_known_hosts_mode`

`manage_root_ssh_config`

`root_ssh_config_content`

`manage_server`

`key_export`

`purge_keys`

`ssh_key_ensure`

`ssh_key_import`

`ssh_key_type`

`keys`

`config_entries`

`host`

`add_keys_to_agent`

`address_family`

`batch_mode`

`bind_address`

`bind_interface`

`canonical_domains`

`canonicalize_fallback_local`

`canonicalize_hostname`

`canonicalize_max_dots`

`canonicalize_permitted_cnames`

`ca_signature_algorithms`

`certificate_file`

`challenge_response_authentication`

`check_host_ip`

`ciphers`

`clear_all_forwardings`

`compression`

`connection_attempts`

`connect_timeout`

`control_master`

`control_path`

`control_persist`

`dynamic_forward`

`enable_ssh_keysign`

`escape_char`

`exit_on_forward_failure`

`fingerprint_hash`

`forward_agent`

`forward_x11`

`forward_x11_timeout`

`forward_x11_trusted`

`gateway_ports`

`global_known_hosts_file`

`gss_api_authentication`

`gss_api_delegate_credentials`

`hash_known_hosts`

`hostbased_authentication`

`hostbased_key_types`

`host_key_algorithms`

`host_key_alias`

`host_name`

`identities_only`

`identity_agent`

`identity_file`

`ignore_unknown`

`include`

`ip_qos`

`kbd_interactive_authentication`

`kbd_interactive_devices`

`kex_algorithms`

`local_command`

`local_forward`

`log_level`

`no_host_authentication_for_localhost`

`number_of_password_prompts`

`password_authentication`

`permit_local_command`

`pkcs11_provider`