openssh

Manage OpenSSH server/client/keys

Version information

  • 0.9.6 (latest)
  • 0.9.5
  • 0.9.4
  • 0.9.1
released Oct 30th 2024
This version is compatible with:
  • Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >= 5.5.0 < 9.0.0

Start using this module

Add this module to your Puppetfile:

mod 'aursu-openssh', '0.9.6'

Add this module to your Bolt project:

bolt module add aursu-openssh

Manually install this module globally with Puppet module tool:

puppet module install aursu-openssh --version 0.9.6

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Documentation

aursu/openssh — version 0.9.6 Oct 30th 2024

Reference

Classes

openssh

OpenSSH class for variable initialization

Examples

include openssh

Parameters

The following parameters are available in the openssh class.

allow_tcp_forwarding

Data type: String

permit_root_login

Data type: String

strict_modes

Data type: String

gss_api_authentication

Data type: String

config_template

Data type: String

keys_file

Data type: Optional[String]

banner

Data type: String

manage_server_package

Data type: Boolean

manage_client_package

Data type: Boolean

sshkey_user

Data type: String

sshkey_group

Data type: Optional[String]

sshkey_dir

Data type: String

sshkey_name

Data type: Optional[String]

sshkey_type

Data type: String

sshkey_target

Data type: String

sshkey_options

Data type: Array[String]

setup_host_key

Data type: Boolean

ssh_port

Data type: Integer

Default value: $openssh::params::ssh_port

config

Data type: String

Default value: $openssh::params::config

base_package_name

Data type: String

Default value: $openssh::params::base_package_name

server_package_name

Data type: Optional[String]

Default value: $openssh::params::server_package_name

client_package_name

Data type: Optional[String]

Default value: $openssh::params::client_package_name

server_dependencies

Data type: Optional[ Array[String] ]

Default value: $openssh::params::openssh_server_dependencies

openssh::config

Set up sshd daemon configuration based on a template

Examples

include openssh::config

Parameters

The following parameters are available in the openssh::config class.

config

Data type: Stdlib::Unixpath

Default value: $openssh::config

ssh_port

Data type: Stdlib::Port

Default value: $openssh::ssh_port

config_template

Data type: String

Default value: $openssh::config_template

banner

Data type: Variant[ Enum['none'], Stdlib::Unixpath ]

Default value: $openssh::banner

keys_file

Data type: Optional[String]

Default value: $openssh::keys_file

allow_tcp_forwarding

Data type: Enum['yes', 'no', 'all', 'local', 'remote']

Default value: $openssh::allow_tcp_forwarding

permit_root_login

Data type: Enum['yes', 'no', 'without-password', 'prohibit-password', 'forced-commands-only']

Default value: $openssh::permit_root_login

strict_modes

Data type: Enum['yes', 'no']

Default value: $openssh::strict_modes

gss_api_authentication

Data type: Enum['yes', 'no']

Default value: $openssh::gss_api_authentication

setup_host_key

Data type: Boolean

Default value: $openssh::setup_host_key

openssh::keys

Set up authorized_keys file for root account

Examples

include openssh::keys

Parameters

The following parameters are available in the openssh::keys class.

sshkey_user

Data type: String

The user account in which the SSH key should be installed. The resource will autorequire this user if it is being managed as a user resource.

Default value: $openssh::sshkey_user

authorized

Data type: Optional[ Array[ Struct[{ type => String, key => String, name => String, }] ] ]

If provided, this is the exact list of SSH public keys to be added to the root user account. All other settings will be ignored except sshkey_dir.

Default value: undef

sshkey

Data type: Optional[Stdlib::Base64]

The public key itself; generally a long string of hex characters. The key attribute may not contain whitespace.

Make sure to omit the following in this attribute (and specify them in other attributes):

  • Key headers, such as ‘ssh-rsa’ — put these in the type attribute.
  • Key identifiers / comments, such as ‘joe@joescomputer.local’ — put these in the name attribute/resource title.

Default value: undef

sshkey_name

Data type: Optional[String]

The SSH key comment. This can be anything, and doesn’t need to match the original comment from the .pub file.

Due to internal limitations, this must be unique across all user accounts; if you want to specify one key for multiple users, you must use a different comment for each instance.

Default value: $openssh::sshkey_name

sshkey_type

Data type: Openssh::KeyType

The encryption type used. Allowed values: ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, dsa, ed25519, rsa.

Default value: $openssh::sshkey_type

sshkey_target

Data type: Stdlib::Unixpath

The absolute filename in which to store the SSH key. This property is optional and should be used only in cases where keys are stored in a non-standard location, for instance when not in ~user/.ssh/authorized_keys.

Default value: $openssh::sshkey_target

sshkey_options

Data type: Array[String]

Key options; see sshd(8) for possible values. Multiple values should be specified as an array.

Default value: $openssh::sshkey_options

sshkey_ensure

Data type: Enum['present', 'absent']

Default value: present

sshkey_propagate

Data type: Boolean

Default value: false

sshkey_group

Data type: Optional[String]

Default value: $openssh::sshkey_group

sshkey_dir

Data type: Stdlib::Unixpath

Default value: $openssh::sshkey_dir
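
Added example (not part of the module or its documentation): a Ruby helper that splits public key lines of the form <TYPE> <KEY> <NAME/COMMENT> into the type/key/name entries the authorized parameter expects. It checks that the header matches the algorithm name inside the key blob and that comments are unique, as sshkey_name requires. The function names and the sample key are constructed for illustration.

```ruby
# Long-form names from the Openssh::KeyType alias; a .pub header uses these.
WIRE_TYPES = %w[ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
                ecdsa-sha2-nistp521 ssh-ed25519].freeze

# Split one "<TYPE> <KEY> <NAME/COMMENT>" line into the type/key/name hash
# expected by `authorized`. Raises ArgumentError on malformed input.
def split_pubkey(line)
  type, key, name = line.strip.split(/\s+/, 3)
  raise ArgumentError, "unknown key type #{type.inspect}" unless WIRE_TYPES.include?(type)
  raise ArgumentError, 'missing key or comment' if key.nil? || name.nil?

  begin
    blob = key.unpack1('m0') # 'm0' is strict Base64; invalid input raises
  rescue ArgumentError
    raise ArgumentError, 'key is not valid Base64'
  end
  # The decoded blob begins with a 4-byte length and the algorithm name;
  # it must agree with the header, or the type attribute would be wrong.
  embedded = blob.byteslice(4, blob.unpack1('N').to_i)
  raise ArgumentError, "blob is #{embedded.inspect}, header is #{type}" unless embedded == type

  { 'type' => type, 'key' => key, 'name' => name }
end

# Build the `authorized` array and enforce unique comments (see sshkey_name).
def authorized_from(lines)
  entries = lines.map { |l| split_pubkey(l) }
  dupes = entries.group_by { |e| e['name'] }.select { |_, v| v.size > 1 }.keys
  raise ArgumentError, "duplicate key comments: #{dupes.join(', ')}" unless dupes.empty?

  entries
end

# Constructed sample line: a well-formed ssh-ed25519 blob of 32 zero bytes,
# not a real key. `header` lets a caller mislabel it to see the check fail.
def sample_line(comment, header = 'ssh-ed25519')
  blob = [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x00" * 32)
  "#{header} #{[blob].pack('m0')} #{comment}"
end

if __FILE__ == $PROGRAM_NAME
  p authorized_from([sample_line('alice@laptop'), sample_line('deploy@bastion')])
end
```

The returned hashes can be written out as YAML for Hiera or passed directly as the authorized array.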

openssh::package

Manage OpenSSH daemon and client packages

Examples

include openssh::package

Parameters

The following parameters are available in the openssh::package class.

package_ensure

Data type: String

Default value: present

client_ensure

Data type: String

Default value: present

server_ensure

Data type: String

Default value: present

package_name

Data type: String

Default value: $openssh::base_package_name

manage_client

Data type: Boolean

Default value: $openssh::manage_client_package

client_package

Data type: Optional[String]

Default value: $openssh::client_package_name

manage_server

Data type: Boolean

Default value: $openssh::manage_server_package

server_package

Data type: Optional[String]

Default value: $openssh::server_package_name

server_dependencies

Data type: Optional[ Array[String] ]

Default value: $openssh::openssh_server_dependencies

openssh::params

Openssh module parameters

Examples

include openssh::params

openssh::service

Manage SSHd daemon service

Examples

include openssh::service

Parameters

The following parameters are available in the openssh::service class.

service_enabled

Data type: Boolean

Default value: true

service_ensure

Data type: String

Default value: running

service_name

Data type: String

Default value: $openssh::params::service_name

openssh::ssh_keygen

Generate new OpenSSH private key or export root public key

Examples

include openssh::ssh_keygen

Parameters

The following parameters are available in the openssh::ssh_keygen class.

sshkey_name

Data type: String

Default value: $openssh::sshkey_name

sshkey_user

Data type: String

Default value: $openssh::sshkey_user

sshkey_type

Data type: Openssh::KeyType

Default value: $openssh::sshkey_type

sshkey_target

Data type: Stdlib::Unixpath

Default value: $openssh::sshkey_target

sshkey_dir

Data type: Stdlib::Unixpath

Default value: $openssh::sshkey_dir

sshkey_options

Data type: Array[String]

Default value: $openssh::sshkey_options

sshkey_ensure

Data type: String

Default value: present

sshkey_bits

Data type: Integer

Default value: 2048

root_key_export

Data type: Boolean

Default value: true

sshkey_generate_enable

Data type: Boolean

Default value: false

Defined types

openssh::auth_key

A description of what this defined type does

Examples

openssh::auth_key { 'namevar': }

Parameters

The following parameters are available in the openssh::auth_key defined type.

sshkey_user

Data type: String

The user account in which the SSH key should be installed

sshkey_ensure

Data type: Enum['present', 'absent']

Default value: present

sshkey_type

Data type: Openssh::KeyType

Default value: 'ssh-rsa'

sshkey_name

Data type: Optional[String]

The SSH key name/comment. In their native habitat, SSH keys usually appear as a single long line, in the format: <TYPE> <KEY> <NAME/COMMENT>

Default value: undef

sshkey_target

Data type: Optional[Stdlib::Unixpath]

Default value: undef

sshkey_options

Data type: Optional[Array[String]]

Default value: undef

sshkey

Data type: Optional[Stdlib::Base64]

Default value: undef

sshkey_export

Data type: Boolean

Boolean flag. If set to true, the openssh::auth_key resource will export the SSH host key via an Sshkey resource with a title equal to <fqdn>_<sshkey_user>_known_host, where <fqdn> is the Puppet fact $::fqdn and <sshkey_user> is the sshkey_user parameter. The Sshkey resource's target parameter will be set to the ~/.ssh/known_hosts path for user sshkey_user (with home directory /root for user root and /home/<sshkey_user> for all other users).

Default value: true

sshkey_propagate

Data type: Boolean

Boolean flag. If set to true, the openssh::auth_key resource will import the Ssh_authorized_key resource with a title equal to either 1) the sshkey_name parameter or 2) a name combined from the sshkey_user parameter and the fact $::hostname as the string <sshkey_user>@<hostname>.

Default value: false

openssh::priv_key

Set SSH private key for user.

Examples

openssh::priv_key { 'namevar': }

Parameters

The following parameters are available in the openssh::priv_key defined type.

user_name

Data type: String

The name of the system user for which the private key should be set. Used for SSH directory compilation (either /root/.ssh if the user is 'root' or /home/user_name/.ssh). Used as the ownership group if user_group is not specified. Used for the SSH public key comment when the public key is generated.

key_data

Data type: String

SSH private key content

sshkey_name

Data type: Optional[String]

SSH public key comment (will be set if specified)

Default value: $name

sshkey_format

Data type: Enum['PEM', 'RFC4716', 'PKCS8']

Default is 'PEM'. The supported key formats are: "RFC4716" (RFC 4716/SSH2 public or private key), "PKCS8" (PEM PKCS8 public key) or "PEM" (PEM public key). The default conversion format for the ssh-keygen tool is "RFC4716".

Default value: 'PEM'

sshkey_type

Data type: Openssh::KeyType

Default is 'rsa'. SSH private key type (e.g. rsa or dsa). Used for SSH private and public key file name compilation (e.g. .ssh/id_<key_id>, where key_id is the type of key: dsa | ecdsa | ed25519 | rsa).

Default value: 'ssh-rsa'

user_group

Data type: Optional[String]

Private key ownership group

Default value: undef

sshkey_dir

Data type: Optional[Stdlib::Unixpath]

SSH directory which is used for SSH key storage instead of the standard one compiled based on user_name

Default value: undef

generate_public

Data type: Boolean

If set, the public key will be generated from the private key, with the suffix .pub

Default value: false

key_prefix

Data type: Optional[Pattern[/^[-a-z0-9]+$/]]

If set, used as a prefix for private and public key file name compilation (e.g. git.id_rsa where key_prefix is git)

Default value: undef

openssh::ssh_config

A description of what this defined type does

Examples

openssh::ssh_config { 'namevar': }

Parameters

The following parameters are available in the openssh::ssh_config defined type.

ssh_config

Data type: Array[Openssh::SshConfig]

user_name

Data type: String

Default value: $name

user_group

Data type: Optional[String]

Default value: undef

system_wide

Data type: Boolean

Default value: false

sshkey_dir

Data type: Optional[Stdlib::Unixpath]

Default value: undef

Data types

Openssh::ClientOption

The Openssh::ClientOption data type.

Alias of Enum['AddressFamily', 'BatchMode', 'BindAddress', 'ChallengeResponseAuthentication', 'CheckHostIP', 'Cipher', 'Ciphers', 'ClearAllForwardings', 'Compression', 'CompressionLevel', 'ConnectionAttempts', 'ConnectTimeout', 'ControlMaster', 'ControlPath', 'ControlPersist', 'DynamicForward', 'EnableSSHKeysign', 'EscapeChar', 'ExitOnForwardFailure', 'ForwardAgent', 'ForwardX11', 'ForwardX11Trusted', 'GatewayPorts', 'GlobalKnownHostsFile', 'GSSAPIAuthentication', 'GSSAPIKeyExchange', 'GSSAPIClientIdentity', 'GSSAPIDelegateCredentials', 'GSSAPIRenewalForcesRekey', 'GSSAPITrustDns', 'GSSAPIKexAlgorithms', 'Host', 'HashKnownHosts', 'HostbasedAuthentication', 'HostKeyAlgorithms', 'HostKeyAlias', 'HostName', 'IdentitiesOnly', 'IdentityFile', 'KbdInteractiveAuthentication', 'KbdInteractiveDevices', 'KexAlgorithms', 'LocalCommand', 'LocalForward', 'LogLevel', 'MACs', 'NoHostAuthenticationForLocalhost', 'NumberOfPasswordPrompts', 'PasswordAuthentication', 'PermitLocalCommand', 'PKCS11Provider', 'Port', 'PreferredAuthentications', 'Protocol', 'ProxyCommand', 'PubkeyAuthentication', 'RekeyLimit', 'RemoteForward', 'RhostsRSAAuthentication', 'RSAAuthentication', 'SendEnv', 'ServerAliveCountMax', 'ServerAliveInterval', 'StrictHostKeyChecking', 'TCPKeepAlive', 'Tunnel', 'TunnelDevice', 'UsePrivilegedPort', 'User', 'UserKnownHostsFile', 'VerifyHostKeyDNS', 'VisualHostKey', 'XAuthLocation']

Openssh::KeyType

The Openssh::KeyType data type.

Alias of Enum['ssh-dss', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'dsa', 'ed25519', 'rsa']

Openssh::SshConfig

The Openssh::SshConfig data type.

Alias of Hash[Openssh::ClientOption, Variant[ String, Integer, Array[String, 1], ]]