tag | a3759b86537fd2cf7eb25e208c47e0519e14ccdc | |
---|---|---|
tagger | Garrett Honeycutt <code@garretthoneycutt.com> | Thu Feb 06 16:27:08 2014 -0500 |
object | ccfce3d0934e5950a4b7f7298ff8e7a1f4d26dfb |
v3.6.1
commit | ccfce3d0934e5950a4b7f7298ff8e7a1f4d26dfb | [log] [tgz] |
---|---|---|
author | Garrett Honeycutt <code@garretthoneycutt.com> | Thu Feb 06 16:26:24 2014 -0500 |
committer | Garrett Honeycutt <code@garretthoneycutt.com> | Thu Feb 06 16:26:24 2014 -0500 |
tree | bf7ef3382bea1458eed1a56b0d68856a4bd97913 | |
parent | 03d8afc57f0d6644e704d260eaefe5e3545634db [diff] |
Release v3.6.1 - Support Puppet v3.4 and Ruby v2.0.0
Manage ssh client and server.
The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys.
===
This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3 and 2.0.0.
===
Boolean to merges all found instances of ssh::keys in Hiera. This is useful for specifying SSH keys at different levels of the hierarchy and having them all included in the catalog.
This will default to ‘true’ in future versions.
HashKnownHosts in ssh_config. Indicates that ssh should hash host names and addresses when they are added to ~/.ssh/known_hosts. These hashed names may be used normally by ssh and sshd, but they do not reveal identifying information should the file's contents be disclosed. The default is ‘no’.
Note that existing names and addresses in known hosts files will not be converted automatically, but may be manually hashed using ssh-keygen. Use of this option may break facilities such as tab-completion that rely on being able to read unhashed host names from ~/.ssh/known_hosts.
Path to ssh_config.
ssh_config's owner.
ssh_config's group.
ssh_config's mode.
ForwardX11 option in ssh_config. Not set by default.
ForwardAgent option in ssh_config. Not set by default.
ServerAliveInterval option in ssh_config. Not set by default.
Boolean to set ‘SendEnv XMODIFIERS’ in ssh_config.
Path to sshd_config.
sshd_config's owner.
sshd_config's group.
sshd_config's mode.
String to specify listen port for sshd. Port option in sshd_config.
SyslogFacility option in sshd_config.
LoginGraceTime option in sshd_config.
ChallengeResponseAuthentication option in sshd_config.
PrintMotd option in sshd_config.
UseDNS option in sshd_config.
Banner option in sshd_config.
content parameter for file specified in sshd_config_banner
owner parameter for file specified in sshd_config_banner
group parameter for file specified in sshd_config_banner
mode parameter for file specified in sshd_config_banner
XAuthLocation option in sshd_config.
Path to sftp file transfer subsystem in sshd_config.
PasswordAuthentication in sshd_config. Specifies whether password authentication is allowed.
AllowTcpForwarding in sshd_config. Specifies whether TCP forwarding is permitted.
X11Forwarding in sshd_config. Specifies whether X11 forwarding is permitted.
UsePam in sshd_config. Enables the Pluggable Authentication Module interface. If set to ‘yes’ this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types.
ClientAliveInterval in sshd_config. Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.
Hash of keys for user's ~/.ssh/authorized_keys
Array of package names used for installation.
Allow root login. Valid values are ‘yes’, ‘without-password’, ‘forced-commands-only’, and ‘no’.
Remove keys not managed by puppet.
Open firewall for SSH service.
Ensure SSH service is running. Valid values are ‘stopped’ and ‘running’.
Name of the SSH service.
Start SSH at boot. Valid values are ‘true’, ‘false’ and ‘manual’.
Specify that the init script has a restart command. Valid values are ‘true’ and ‘false’.
Declare whether the service's init script has a functional status command. Valid values are ‘true’ and ‘false’
Export node SSH key. Valid values are ‘present’ and ‘absent’.
Encryption type for SSH key. Valid values are ‘rsa’, ‘dsa’, ‘ssh-dss’ and ‘ssh-rsa’
Manage SSH config of root. Valid values are ‘true’ and ‘false’.
Content of root's ~/.ssh/config.
===
This works by passing the ssh::keys hash to the ssh_authorized_keys type with create_resources(). Because of this, you may specify any valid parameter for ssh_authorized_key. See the Type Reference for a complete list.
Push authorized key “root_for_userX” and remove key “root_for_userY” through Hiera.