141 lines
2.5 KiB
Markdown
141 lines
2.5 KiB
Markdown
# puppet-module-ssh #
|
|
|
|
Manage ssh client and server.
|
|
|
|
The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys.
|
|
|
|
# Compatability #
|
|
|
|
This module has been tested to work on the following systems.
|
|
|
|
* EL 5
|
|
* EL 6
|
|
|
|
# Parameters #
|
|
|
|
packages
|
|
--------
|
|
Array of package names used for installation.
|
|
|
|
- *Default*: 'openssh-server', 'openssh-server', 'openssh-clients'
|
|
|
|
permit_root_login
|
|
-----------------
|
|
Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-only', 'no'.
|
|
|
|
- *Default*: no
|
|
|
|
purge_keys
|
|
----------
|
|
Remove keys not managed by puppet.
|
|
|
|
- *Default*: 'true'
|
|
|
|
manage_firewall
|
|
---------------
|
|
Open firewall for SSH service.
|
|
|
|
- *Default*: false
|
|
|
|
ssh_config_path
|
|
---------------
|
|
Path to ssh_config.
|
|
|
|
- *Default*: '/etc/ssh/ssh_config'
|
|
|
|
ssh_config_owner
|
|
----------------
|
|
ssh_config's owner.
|
|
|
|
- *Default*: 'root'
|
|
|
|
ssh_config_group
|
|
----------------
|
|
ssh_config's group.
|
|
|
|
- *Default*: 'root'
|
|
|
|
ssh_config_mode
|
|
---------------
|
|
ssh_config's mode.
|
|
|
|
- *Default*: '0644'
|
|
|
|
sshd_config_path
|
|
----------------
|
|
Path to sshd_config.
|
|
|
|
- *Default*: '/etc/ssh/sshd_config
|
|
|
|
sshd_config_owner
|
|
-----------------
|
|
sshd_config's owner.
|
|
|
|
- *Default*: 'root'
|
|
|
|
sshd_config_group
|
|
----------------
|
|
sshd_config's group.
|
|
|
|
- *Default*: 'root'
|
|
|
|
sshd_config_mode
|
|
---------------
|
|
sshd_config's mode.
|
|
|
|
- *Default*: '0600'
|
|
|
|
service_ensure
|
|
--------------
|
|
Ensure SSH service is running. Valid values are 'stopped' and 'running'.
|
|
|
|
- *Default*: 'running'
|
|
|
|
service_name
|
|
------------
|
|
Name of the SSH service.
|
|
|
|
- *Default*: 'sshd'
|
|
|
|
service_enable
|
|
--------------
|
|
Start SSH at boot. Valid values are 'true', 'false' and 'manual'.
|
|
|
|
- *Default*: 'true'
|
|
|
|
service_hasrestart
|
|
------------------
|
|
Specify that the init script has a restart command. Valid values are 'true' and 'false'.
|
|
|
|
- *Default*: 'true'
|
|
|
|
service_hasstatus
|
|
-----------------
|
|
Declare whether the service's init script has a functional status command. Valid values are 'true' and 'false'
|
|
|
|
- *Default*: 'true'
|
|
|
|
ssh_key_ensure
|
|
--------------
|
|
Export node SSH key. Valid values are 'present' and 'absent'.
|
|
|
|
- *Default*: 'present'
|
|
|
|
ssh_key_type
|
|
------------
|
|
Encryption type for SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'
|
|
|
|
- *Default*: 'ssh-rsa'
|
|
|
|
manage_root_ssh_config
|
|
----------------------
|
|
Manage SSH config of root. Valid values are 'true' and 'false'.
|
|
|
|
- *Default*: 'false'
|
|
|
|
root_ssh_config_content
|
|
-----------------------
|
|
Content of root's ~/.ssh/config.
|
|
|
|
- *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
|