Version information
released Jun 28th 2022
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >=2.7.20 <8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'thias-ssh', '1.0.9'
Learn more about managing modules with a Puppetfile
thias/ssh — version 1.0.9 Jun 28th 2022
puppet-ssh
Overview
Install, enable and configure ssh and sshd. Currently supports RHEL6 and RHEL7 (and their rebuilds).
- ssh::service : Class to manage the sshd service.
- ssh::sshd_config : Class to manage the main sshd_config file.
The configuration changes made by this module are meant to be defined from hiera, in order to make specific overrides very easy. They are also meant to be minimal against the original files, in order to be trivial to review, as sshd is a really critical service.
The ssh::service class is included from ssh::sshd_config and really only exists in order to have configuration changes reload the service.
Examples
Disable password authentication and X11 forwarding globally, and permit root login only from some specific IP addresses:
---
classes:
  - '::ssh::sshd_config'
ssh::sshd_config::permitrootlogin: 'no'
ssh::sshd_config::passwordauthentication: 'no'
ssh::sshd_config::x11forwarding: 'no'
ssh::sshd_config::match:
  'Address 203.0.113.17,192.168.113.17,2001:db8:1:a211::1':
    'PermitRootLogin': 'yes'
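A review check for this kind of hiera data, as an added example (not part of the thias-ssh module or its README): it reports when root login or password authentication is not 'no' globally, or when a Match block relaxes either one for anything other than single host addresses. The function names and the single-host policy are assumptions made for this example; the embedded data is the example above.

```ruby
require 'yaml'
require 'ipaddr'
# The page's first hiera example, embedded so the check runs offline.
HIERA = <<~'YAML'
  ---
  classes:
    - '::ssh::sshd_config'
  ssh::sshd_config::permitrootlogin: 'no'
  ssh::sshd_config::passwordauthentication: 'no'
  ssh::sshd_config::x11forwarding: 'no'
  ssh::sshd_config::match:
    'Address 203.0.113.17,192.168.113.17,2001:db8:1:a211::1':
      'PermitRootLogin': 'yes'
YAML
PREFIX = 'ssh::sshd_config::'
GUARDED = %w[permitrootlogin passwordauthentication].freeze # assumed policy scope

# True only for one literal address (optionally /32 or /128): no wildcard, negation or wider CIDR.
def single_host?(pattern)
  return false if pattern =~ /[*?!]/
  addr, prefix = pattern.split('/', 2)
  ip = IPAddr.new(addr)
  prefix.nil? || prefix.to_i == (ip.ipv4? ? 32 : 128)
rescue IPAddr::Error
  false
end

# Returns a list of findings; an empty list means the data passed.
def audit_sshd_hiera(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  findings = []
  GUARDED.each do |key|
    value = data[PREFIX + key]
    findings << "#{key} is #{value.inspect}, expected 'no'" unless value.to_s == 'no'
  end
  (data[PREFIX + 'match'] || {}).each do |criteria, overrides|
    relaxed = (overrides || {}).select { |opt, val| GUARDED.include?(opt.to_s.downcase) && val.to_s != 'no' }
    next if relaxed.empty?
    tokens = criteria.split
    idx = tokens.index { |t| t.casecmp?('address') }
    patterns = idx && tokens[idx + 1]
    if patterns.nil?
      findings << "Match '#{criteria}' relaxes #{relaxed.keys.join(',')} without an Address criterion"
      next
    end
    patterns.split(',').reject { |p| single_host?(p) }.each { |p| findings << "Match '#{criteria}': #{p} is not a single host" }
  end
  findings
end
```

Calling `audit_sshd_hiera(File.read(path))` on a hiera file before it is merged gives a reviewer the list of relaxations to look at.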
Configure IdM authorized keys through SSSD:
---
classes:
  - '::ssh::sshd_config'
ssh::sshd_config::authorizedkeyscommand: '/usr/bin/sss_ssh_authorizedkeys'
ssh::sshd_config::authorizedkeyscommanduser: 'nobody'
2019-06-04 - 1.0.8
- Enable support for RHEL8.
2016-05-31 - 1.0.7
- Update Gemfile to fix travis-ci tests with ruby 1.8.
- Update metadata for newer Puppet compatibility.
2016-05-31 - 1.0.6
- Remove Gentoo support, unused by me now, and nobody else uses it.
- Add parameters to meet the SCAP ospp-rhel7-server profile (#5, @roysjosh).
2016-02-05 - 1.0.5
- Added authorizedkeyscommand and authorizedkeyscommanduser options (@scrat14)
2016-02-01 - 1.0.4
- Fix hash ordering consistency for sshd_config match.
- Include rspec tests.
2015-05-20 - 1.0.3
- Update rhel7 sshd_config to match the current 7.1 one.
- Tested on Puppet 4.0.0.
2015-03-31 - 1.0.2
- Add clientalive*, bannerpath and internalsftp options (@tracyde).
2015-03-31 - 1.0.1
- Fix Gentoo in params, now that it has a majrelease (3 as of now).
- Cleanups to make Puppet Lint and Forge score happy.
2014-09-09 - 1.0.0
- Add support for Scientific Linux 6.
2014-08-04 - 0.1.5
- Add support for Gentoo.
- Support UsePAM and ChallengeResponseAuthentication sshd_config options.
2014-06-02 - 0.1.4
- Update template to match the current EL 6.5 file.
- Add support for CentOS.
- Add support for RHEL 7.
2014-01-29 - 0.1.3
- Fix for missing '@' prefix of @usedns in template.
2014-01-16 - 0.1.2
- Support UseDNS sshd_config option.
2014-01-16 - 0.1.1
- Support adding Match sections to sshd_config.
2013-10-02 - 0.1.0
- Initial module release.
Copyright (C) 2013-2015 Matthias Saou

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.