Forge Home

ssh

Manages SSH

2,311,914 downloads

115 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 4.0.0 (latest)
  • 3.62.0
  • 3.61.0
  • 3.60.1
  • 3.60.0
  • 3.59.0
  • 3.58.0
  • 3.57.1
  • 3.57.0
  • 3.56.1
  • 3.56.0
  • 3.55.0
  • 3.54.0
  • 3.53.0
  • 3.52.0
  • 3.51.1
  • 3.51.0
  • 3.49.1
  • 3.49.0
  • 3.48.0
  • 3.47.0
  • 3.46.0
  • 3.45.0
  • 3.44.0
  • 3.43.0
  • 3.42.0
  • 3.41.1
  • 3.41.0
  • 3.40.0
  • 3.39.0
  • 3.38.0
  • 3.37.1
  • 3.37.0
  • 3.36.0
  • 3.34.0
  • 3.33.1
  • 3.31.0
  • 3.30.0
  • 3.29.0 (deleted)
  • 3.28.0
  • 3.27.1
  • 3.27.0
  • 3.25.0
  • 3.24.0
  • 3.23.1
  • 3.23.0
  • 3.22.0
  • 3.21.0
  • 3.20.0
  • 3.19.1
  • 3.19.0
  • 3.18.0
  • 3.17.0
  • 3.16.0
  • 3.15.2
  • 3.15.1
  • 3.15.0
  • 3.14.0
  • 3.13.0
  • 3.12.0
  • 3.11.0
  • 3.9.0
  • 3.8.0
  • 3.7.0
  • 3.6.0
  • 3.5.0
  • 3.4.0
  • 3.3.0
  • 3.2.1
  • 3.2.0
  • 1.0.3
  • 1.0.1 (deleted)
  • 1.0.0 (deleted)
released Nov 29th 2022
This version is compatible with:
  • Puppet Enterprise 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 8.0.0
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'ghoneycutt-ssh', '4.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add ghoneycutt-ssh
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install ghoneycutt-ssh --version 4.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

ghoneycutt/ssh — version 4.0.0 Nov 29th 2022

puppet-module-ssh

Manage ssh client and server.

This module is based on the OpenSSH v7.0 implementation. All parameters that are described in the man pages are available to this module with the exception of the Match parameter. Some SSH implementations do provide extra features and use additional parameters. These deviations can still be managed with the help of the $custom parameter. This freetext parameter allows you to add any lines to ssh_config and sshd_config that you wish to.

This module may be used with a simple include ::ssh

The ssh::config_entry defined type may be used directly and is used to manage Host entries in a personal ~/.ssh/config file.

Table of Contents

  1. Compatibility
  2. Parameters
  3. Examples
  4. Upgrading
  5. Contributing

Compatibility

This module officially supports the platforms listed in the metadata.json. It does not fail on unsupported platforms and has been known to work on many, many platforms since its creation in 2010.

Known to work

  • Debian 10
  • Debian 11
  • EL 7
  • EL 8
  • Ubuntu 18.04 LTS
  • Ubuntu 20.04 LTS
  • Solaris 10
  • Solaris 11

SunSSH

If you use the Sun Solaris SSH, please keep in mind that not all parameters can be used.

Unsupported parameters for ssh_config: AddressFamily, Tunnel, TunnelDevice, PermitLocalCommand, HashKnownHosts

Unsupported parameters for sshd_config: KerberosOrLocalPasswd, KerberosTicketCleanup, KerberosGetAFSToken, TCPKeepAlive, ShowPatchLevel, MaxSessions, PermitTunnel

Parameters

A value of undef will use the defaults specified by the module. See data/os/ for the actual default settings for supported operating systems.

Please keep in mind that this module does not include any sanity checks. Depending on the set parameters or values and the running version of SSH the resulting configuration could stop SSH from working.

See REFERENCE.md for a list of all parameters.

Manage user's ssh_authorized_keys

The hash ssh::keys is passed to ssh_authorized_key type. Because of this, you may specify any valid parameter for ssh_authorized_key. See the Type Reference for a complete list.

Sample usage:

Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera.

ssh::keys:
  root_for_userX:
    ensure: present
    user: root
    type: dsa
    key: AAAA...==
  apachehup:
    ensure: present
    user: apachehup
    type: rsa
    key: 'AAAA...=='
    options: 'command="/sbin/service httpd restart"'
  root_for_userY:
    ensure: absent
    user: root

Manage config entries in a personal ssh/config file.

Ssh::Config_entry {
  ensure => present,
  path   => '/home/jenkins/.ssh/config',
  owner  => 'jenkins',
  group  => 'jenkins',
}


ssh::config_entry { 'jenkins *':
  host  => '*',
  lines => [
    '  ForwardX11 no',
    '  StrictHostKeyChecking no',
  ],
  order => '10',
}

ssh::config_entry { 'jenkins github.com':
  host  => 'github.com',
  lines => ["  IdentityFile /home/jenkins/.ssh/jenkins-gihub.key"],
  order => '20',
}

Upgrading

The SSH module v4 was completely rewritten. In this process all parameters for the SSH configuration files have been renamed. Users that want to upgrade need to change their running configuration. To make your upgrade easier there is a list of old and new parameter names. Consult UPGRADING.md

Contributing

Please check CONTRIBUTING.md