This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >=2.7.20 <8.0.0
Install, enable and configure ssh and sshd. Currently supports RHEL6 and RHEL7 (and their rebuilds).
ssh::service: Class to manage the
ssh::sshd_config: Class to manage the main
The configuration changes made by this module are meant to be defined from hiera, in order to make specific overrides very easy. They are also meant to be minimal against the original files, in order to be trivial to review, as sshd is a really critical service.
ssh::service class is included from
ssh::sshd_config and really only
exists in order to have configuration changes reload the service.
Disable password authentication and X11 forwarding globally, and permit root login only from some specific IP addresses :
--- classes: - '::ssh::sshd_config' ssh::sshd_config::permitrootlogin: 'no' ssh::sshd_config::passwordauthentication: 'no' ssh::sshd_config::x11forwarding: 'no' ssh::sshd_config::match: 'Address 203.0.113.17,192.168.113.17,2001:db8:1:a211::1': 'PermitRootLogin': 'yes'
Configure IdM authorized keys through SSSD :
--- classes: - '::ssh::sshd_config' ssh::sshd_config::authorizedkeyscommand: '/usr/bin/sss_ssh_authorizedkeys' ssh::sshd_config::authorizedkeyscommanduser: 'nobody'
- Enable support for RHEL8.
- Update Gemfile to fix travis-ci tests with ruby 1.8.
- Update metadata for newer Puppet compatibility.
- Remove Gentoo support, unused by me now, and nobody else uses it.
- Add parameters to meet the SCAP ospp-rhel7-server profile (#5, @roysjosh).
- Added authorizedkeyscommand and authorizedkeyscommanduser options (@scrat14)
- Fix hash ordering consistency for sshd_config match.
- Include rspec tests.
- Update rhel7 sshd_config to match the current 7.1 one.
- Tested on Puppet 4.0.0.
- Add clientalive*, bannerpath and internalsftp options (@tracyde).
- Fix Gentoo in params, now that it has a majrelease (3 as of now).
- Cleanups to make Puppet Lint and Forge score happy.
- Add support for Scientific Linux 6.
- Add support for Gentoo.
- Support UsePAM and ChallengeResponseAuthentication sshd_config options.
- Update template to match the current EL 6.5 file.
- Add support for CentOS.
- Add support for RHEL 7.
- Fix for missing '@' prefix of @usedns in template.
- Support UseDNS sshd_config option.
- Support adding Match sections to sshd_config.
- Initial module release.
Copyright (C) 2013-2015 Matthias Saou Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.