v2.4.0
Merge pull request #23 from ghoneycutt/new_master

New master

puppet-module-ssh

Manage ssh client and server.

The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by Puppet. This behavior is controlled by the parameters ssh_key_ensure and purge_keys.

===

Compatibility

This module has been tested to work on the following systems with Puppet v3.

  • EL 5
  • EL 6
  • SLES 11
  • Ubuntu 12.04 LTS

===

Parameters

keys

Hash of keys for user's ~/.ssh/authorized_keys

  • Default: undefined

packages

Array of package names used for installation.

  • Default: ‘openssh-server’, ‘openssh-server’, ‘openssh-clients’

permit_root_login

Allow root login. Valid values are ‘yes’, ‘without-password’, ‘forced-commands-only’, ‘no’.

  • Default: no

purge_keys

Remove keys not managed by puppet.

  • Default: ‘true’

manage_firewall

Open firewall for SSH service.

  • Default: false

ssh_config_path

Path to ssh_config.

  • Default: ‘/etc/ssh/ssh_config’

ssh_config_owner

ssh_config's owner.

  • Default: ‘root’

ssh_config_group

ssh_config's group.

  • Default: ‘root’

ssh_config_mode

ssh_config's mode.

  • Default: ‘0644’

ssh_config_forward_x11

ForwardX11 option in ssh_config. Not set by default.

  • Default: undef

ssh_config_forward_agent

ForwardAgent option in ssh_config. Not set by default.

  • Default: undef

ssh_config_server_alive_interval

ServerAliveInterval option in ssh_config. Not set by default.

  • Default: undef

sshd_config_path

Path to sshd_config.

  • Default: ‘/etc/ssh/sshd_config’

sshd_config_owner

sshd_config's owner.

  • Default: ‘root’

sshd_config_group

sshd_config's group.

  • Default: ‘root’

sshd_config_mode

sshd_config's mode.

  • Default: ‘0600’

sshd_config_syslog_facility

SyslogFacility option in sshd_config.

  • Default: ‘AUTH’

sshd_config_login_grace_time

LoginGraceTime option in sshd_config.

  • Default: ‘120’

sshd_config_challenge_resp_auth

ChallengeResponseAuthentication option in sshd_config.

  • Default: ‘no’

sshd_config_print_motd

PrintMotd option in sshd_config.

  • Default: ‘yes’

sshd_config_use_dns

UseDNS option in sshd_config.

  • Default: ‘yes’

sshd_config_banner

Banner option in sshd_config.

  • Default: ‘none’

sshd_config_xauth_location

XAuthLocation option in sshd_config.

  • Default: ‘/usr/bin/xauth’

sshd_config_subsystem_sftp

Path to sftp file transfer subsystem in sshd_config.

  • Default: ‘/usr/libexec/openssh/sftp-server’

service_ensure

Ensure SSH service is running. Valid values are ‘stopped’ and ‘running’.

  • Default: ‘running’

service_name

Name of the SSH service.

  • Default: ‘sshd’

service_enable

Start SSH at boot. Valid values are ‘true’, ‘false’ and ‘manual’.

  • Default: ‘true’

service_hasrestart

Specify that the init script has a restart command. Valid values are ‘true’ and ‘false’.

  • Default: ‘true’

service_hasstatus

Declare whether the service's init script has a functional status command. Valid values are ‘true’ and ‘false’.

  • Default: ‘true’

ssh_key_ensure

Export node SSH key. Valid values are ‘present’ and ‘absent’.

  • Default: ‘present’

ssh_key_type

Encryption type for SSH key. Valid values are ‘rsa’, ‘dsa’, ‘ssh-dss’ and ‘ssh-rsa’.

  • Default: ‘ssh-rsa’

manage_root_ssh_config

Manage SSH config of root. Valid values are ‘true’ and ‘false’.

  • Default: ‘false’

root_ssh_config_content

Content of root's ~/.ssh/config.

  • Default: “# This file is being maintained by Puppet.\n# DO NOT EDIT\n”

===

Manage user's ssh_authorized_keys

This works by passing the ssh::keys hash to the ssh_authorized_key type with create_resources(). Because of this, you may specify any valid parameter for ssh_authorized_key. See the Type Reference for a complete list.

Sample usage:

Push authorized key “root_for_userX” and remove key “root_for_userY” through Hiera.
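
An added example of Hiera data for this case; it is not taken from the module's own README. The key names come from the sentence above. The key material, the source address and the use of the `options` parameter are constructed placeholders, and the example assumes Hiera supplies the `ssh::keys` class parameter.

```yaml
# Hiera data (constructed example). Each top-level entry under ssh::keys
# becomes one ssh_authorized_key resource via create_resources().
ssh::keys:
  root_for_userX:
    ensure: present
    user: root
    type: ssh-rsa
    # Placeholder only: put the base64 body of the public key here,
    # without the leading key type or the trailing comment.
    key: REPLACE_WITH_BASE64_PUBLIC_KEY
    # Any valid ssh_authorized_key parameter may be set. 'options' maps to
    # the authorized_keys option field and can narrow what the key may do.
    options:
      - 'from="192.0.2.10"'
      - no-agent-forwarding
      - no-port-forwarding
  root_for_userY:
    # Removes this entry from root's authorized_keys if it is present.
    ensure: absent
    user: root
```

With purge_keys left at its default of ‘true’, keys that are absent from this hash are removed as unmanaged, so an explicit `ensure: absent` entry mainly matters when purging is turned off.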