Mercurial > repos > other > Puppet
annotate modules/ssh/README.md @ 466:202aeef575a1
Correct HTTP log paths in LogWatch
It wasn't generating logs because we're not using the normal
pattern - our site name comes _after_ the "access" part, not
before
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sun, 25 Feb 2024 10:10:32 +0000 |
| parents | d9009f54eb23 |
| children | adf6fe9bbc17 |
| rev | line source |
|---|---|
|
385
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
1 # puppet-module-ssh |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
2 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
3 Manage ssh client and server. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
4 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
5 The module uses exported resources to manage ssh keys and removes ssh keys that |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
6 are not managed by puppet. This behavior is managed by the parameters |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
7 ssh_key_ensure and purge_keys. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
8 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
9 This module may be used with a simple `include ::ssh` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
11 The `ssh::config_entry` defined type may be used directly and is used to manage |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 Host entries in a personal `~/.ssh/config` file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 === |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
15 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
16 ### Table of Contents |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
17 1. [Compatibility](#compatibility) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
18 1. [Parameters](#parameters) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
19 1. [Examples](#sample-usage) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
20 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
21 === |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
22 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
23 # Compatibility |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
24 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 This module has been tested to work on the following systems with the |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 latest Puppet v3, v3 with future parser, v4, v5 and v6. See `.travis.yml` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 for the exact matrix of supported Puppet and ruby versions. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 * Debian 7 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 * Debian 8 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 * Debian 9 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
32 * Debian 10 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 * EL 5 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
34 * EL 6 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
35 * EL 7 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
36 * SLES 10 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
37 * SLES 11 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
38 * SLES 12 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 * Ubuntu 12.04 LTS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 * Ubuntu 14.04 LTS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
41 * Ubuntu 16.04 LTS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
42 * Ubuntu 18.04 LTS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 * Ubuntu 20.04 LTS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 * Solaris 9 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 * Solaris 10 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 * Solaris 11 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
48 If you use the Sun Solaris SSH, please keep in mind that not all parameters can be used. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
49 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 Unsupported parameters for ssh_config: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
51 AddressFamily, Tunnel, TunnelDevice, PermitLocalCommand, HashKnownHosts |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 Unsupported parameters for sshd_config: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 KerberosOrLocalPasswd, KerberosTicketCleanup, KerberosGetAFSToken, TCPKeepAlive, ShowPatchLevel, MaxSessions, PermitTunnel |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 === |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
57 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
58 # Parameters |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
59 A value of `'USE_DEFAULTS'` will use the defaults specified by the module. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
60 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
61 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
62 hiera_merge |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 ----------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 Boolean to merges all found instances of ssh::keys and ssh::config_entries in Hiera. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
65 This is useful for specifying SSH keys at different levels of the hierarchy and having |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
66 them all included in the catalog. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
67 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
68 This will default to 'true' in future versions. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
69 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
70 - *Default*: false |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
71 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
72 ssh_config_hash_known_hosts |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
73 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
74 HashKnownHosts in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
75 Indicates that ssh should hash host names and addresses when they are added to ~/.ssh/known_hosts. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
76 These hashed names may be used normally by ssh and sshd, but they do not reveal identifying |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
77 information should the file's contents be disclosed. The default is 'no' on Linux. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
78 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
79 Note that existing names and addresses in known hosts files will not be converted automatically, |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
80 but may be manually hashed using ssh-keygen. Use of this option may break facilities such as |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
81 tab-completion that rely on being able to read unhashed host names from ~/.ssh/known_hosts. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
82 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
83 A value of 'unset' will not add this parameter to the configuration file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
84 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
85 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
86 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
87 ssh_config_path |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
88 --------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
89 Path to ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
90 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
91 - *Default*: '/etc/ssh/ssh_config' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
92 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
93 ssh_config_owner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
94 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
95 ssh_config's owner. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
96 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
97 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
98 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
99 ssh_config_group |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
100 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
101 ssh_config's group. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
102 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
103 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
104 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
105 ssh_config_mode |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
106 --------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
107 ssh_config's mode. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
108 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
109 - *Default*: '0644' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
110 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
111 ssh_config_forward_x11 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
112 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
113 ForwardX11 option in ssh_config. Not set by default. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
114 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
115 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
116 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
117 ssh_config_forward_agent |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
118 ------------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
119 ForwardAgent option in ssh_config. Not set by default. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
120 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
121 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
122 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
123 ssh_config_server_alive_interval |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
124 -------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
125 ServerAliveInterval option in ssh_config. Not set by default. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
126 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
127 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
128 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
129 ssh_config_sendenv_xmodifiers |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
130 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
131 Boolean to set 'SendEnv XMODIFIERS' in ssh_config. This option is only valid on Linux. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
132 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
133 - *Default*: false |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
134 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
135 ssh_config_template |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
136 -------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
137 *string* The template used to generate ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
138 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
139 - *Default*: 'ssh/ssh_config.erb' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
140 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
141 ssh_config_ciphers |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
142 ------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
143 Array of ciphers to be used with the Ciphers option in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
144 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
145 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
146 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
147 ssh_config_kexalgorithms |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
148 ------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
149 Array of key exchange algorithms to be used with the KexAlgorithms option in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
150 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
151 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
152 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
153 ssh_config_macs |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
154 --------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
155 Array of ciphers to be used with the MACs option in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
156 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
157 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
158 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
159 ssh_sendenv |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
160 ------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
161 Boolean to enable SendEnv options for specifying environment variables. Default is set to true on Linux. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
162 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
163 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
164 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
165 ssh_gssapiauthentication |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
166 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
167 GSSAPIAuthentication: Enables/disables GSS-API user authentication in ssh_config. Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
168 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
169 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
170 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
171 ssh_gssapidelegatecredentials |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
172 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
173 *string* For GSSAPIDelegateCredentials setting in ssh_config. Valid values are |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
174 'yes' and 'no' or to leave undef which will ensure the setting is not present |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
175 in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
176 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
177 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
178 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
179 ssh_hostbasedauthentication |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
180 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
181 String for HostbasedAuthentication option in ssh_config. Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
182 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
183 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
184 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
185 ssh_config_proxy_command |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
186 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
187 String for ProxyCommand option in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
188 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
189 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
190 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
191 ssh_strict_host_key_checking |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
192 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
193 *string* For StrictHostKeyChecking setting in ssh_config. Valid values are |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
194 'yes', 'no' or 'ask'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
195 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
196 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
197 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
198 ssh_enable_ssh_keysign |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
199 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
200 *string* For EnableSSHKeysign setting in ssh_config. Valid values are |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
201 'yes' and 'no' or to leave undef which will ensure the setting is not present |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
202 in ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
203 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
204 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
205 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
206 sshd_addressfamily |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
207 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
208 Specifies the value of the AddressFamily setting in sshd_config. Valid values are 'any', 'inet' (IPv4 only), 'inet6' (IPv6 only) and undef. A value of undef will ensure that AddressFamily is not in the configuration. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
209 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
210 - *Default*: 'any' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
211 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
212 sshd_config_path |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
213 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
214 Path to sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
215 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
216 - *Default*: '/etc/ssh/sshd_config |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
217 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
218 sshd_config_owner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
219 ----------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
220 sshd_config's owner. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
221 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
222 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
223 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
224 sshd_config_group |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
225 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
226 sshd_config's group. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
227 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
228 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
229 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
230 sshd_config_loglevel |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
231 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
232 LogLevel option in sshd_config. Acceptable values are QUIET, FATAL, ERROR, INFO, VERBOSE. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
233 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
234 *DEBUG, DEBUG1, DEBUG2, and DEBUG3* are permitted values for sshd, however [setting the logging level to DEBUG or higher violates the privacy of users](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd_config) and should not be done unless manually debugging. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
235 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
236 - *Default*: 'INFO' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
237 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
238 sshd_config_maxauthtries |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
239 --------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
240 MaxAuthTries option in sshd_config. Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
241 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
242 - *Default*: '6' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
243 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
244 sshd_config_mode |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
245 --------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
246 sshd_config's mode. The default is '0600' on Linux and '0644' on Solaris. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
247 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
248 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
249 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
250 sshd_listen_address |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
251 ------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
252 String or Array to specify address(es) for which sshd will bind. Corresponds to ListenAddress in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
253 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
254 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
255 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
256 sshd_config_permitemptypasswords |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
257 -------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
258 PermitEmptyPasswords option in sshd_config. When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
259 Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
260 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
261 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
262 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
263 sshd_config_permituserenvironment |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
264 --------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
265 PermitUserEnvironment option in sshd_config. Specifies whether ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are processed by sshd(8). The default is “no”. Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
266 Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
267 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
268 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
269 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
270 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
271 sshd_config_compression |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
272 --------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
273 Compression option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
274 Specifies whether compression is allowed in an SSH connection prior to authentication. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
275 If specified, valid values are 'yes', 'no' and 'delayed'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
276 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
277 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
278 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
279 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
280 sshd_config_port |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
281 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
282 String, Integer or Array to specify listen port[s] for sshd. Port option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
283 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
284 - *Default*: '22' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
285 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
286 sshd_config_syslog_facility |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
287 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
288 SyslogFacility option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
289 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
290 - *Default*: 'AUTH' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
291 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
292 sshd_config_template |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
293 -------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
294 *string* The template used to generate sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
295 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
296 - *Default*: 'ssh/sshd_config.erb' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
297 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
298 sshd_config_login_grace_time |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
299 ---------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
300 LoginGraceTime option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
301 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
302 - *Default*: '120' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
303 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
304 sshd_config_challenge_resp_auth |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
305 ------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
306 ChallengeResponseAuthentication option in sshd_config. RedHat defaults |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
307 to setting this to no for EL 5, 6 and 7, though the module will set it |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
308 to 'yes'. Suggest setting to 'no' with Hiera on EL systems. This will |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
309 default to 'no' for those platforms in the next major release. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
310 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
311 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
312 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
313 sshd_config_print_motd |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
314 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
315 PrintMotd option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
316 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
317 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
318 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
319 sshd_config_print_last_log |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
320 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
321 PrintLastLog option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
322 Verify SSH provides users with feedback on when account accesses last occurred. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
323 If specified, valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
324 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
325 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
326 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
327 sshd_config_use_dns |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
328 ------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
329 UseDNS option in sshd_config. The default is 'yes' on Linux. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
330 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
331 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
332 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
333 sshd_config_authkey_location |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
334 ---------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
335 Specify location of authorized_keys file. Default is to not specify. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
336 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
337 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
338 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
339 sshd_config_hostkey |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
340 ---------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
341 Specify an array of server side HostKey files to use. Default is to use only /etc/ssh/ssh_host_rsa_key |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
342 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
343 - *Default*: /etc/ssh/ssh_host_rsa_key |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
344 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
345 sshd_config_strictmodes |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
346 ---------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
347 Specifies whether sshd should check file modes and ownership of the user's files and home directory before accepting login. Valid values are yes and no. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
348 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
349 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
350 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
351 sshd_config_serverkeybits |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
352 ---------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
353 Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 1024 except for Solaris default value is 768. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
354 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
355 - *Default*: '1024' except for Solaris which is '768' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
356 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
357 sshd_config_banner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
358 ------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
359 Banner option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
360 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
361 - *Default*: 'none' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
362 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
363 sshd_banner_content |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
364 ------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
365 content parameter for file specified in sshd_config_banner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
366 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
367 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
368 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
369 sshd_banner_owner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
370 ----------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
371 owner parameter for file specified in sshd_config_banner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
372 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
373 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
374 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
375 sshd_banner_group |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
376 ----------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
377 group parameter for file specified in sshd_config_banner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
378 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
379 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
380 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
381 sshd_banner_mode |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
382 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
383 mode parameter for file specified in sshd_config_banner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
384 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
385 - *Default*: '0644' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
386 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
387 sshd_config_xauth_location |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
388 -------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
389 XAuthLocation option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
390 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
391 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
392 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
393 sshd_config_subsystem_sftp |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
394 -------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
395 Path to sftp file transfer subsystem in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
396 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
397 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
398 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
399 sshd_password_authentication |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
400 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
401 PasswordAuthentication in sshd_config. Specifies whether password authentication is allowed. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
402 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
403 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
404 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
405 sshd_allow_tcp_forwarding |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
406 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
407 AllowTcpForwarding in sshd_config. Specifies whether TCP forwarding is permitted. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
408 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
409 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
410 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
411 sshd_authorized_keys_command |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
412 ---------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
413 Fully qualified path to command for AuthorizedKeysCommand in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
414 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
415 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
416 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
417 sshd_authorized_keys_command_user |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
418 --------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
419 String of user for AuthorizedKeysCommandUser in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
420 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
421 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
422 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
423 sshd_x11_forwarding |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
424 ------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
425 X11Forwarding in sshd_config. Specifies whether X11 forwarding is permitted. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
426 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
427 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
428 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
429 sshd_x11_use_localhost |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
430 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
431 X11UseLocalhost in sshd_config. Specifies if sshd should bind the X11 forwarding server |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
432 to the loopback address or to the wildcard address. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
433 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
434 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
435 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
436 sshd_use_pam |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
437 ------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
438 UsePam in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
439 Enables the Pluggable Authentication Module interface. If set to 'yes' this will enable PAM |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
440 authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
441 to PAM account and session module processing for all authentication types. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
442 This module sets this option to 'yes' on Linux and undef on Solaris. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
443 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
444 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
445 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
446 ssh_config_use_roaming |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
447 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
448 String to enable or disable UseRoaming in client configuration ssh_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
449 Valid values are 'yes', 'no' and 'unset'. Using 'unset' will not use (print) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
450 this configuration parameter at all. Default is set to 'no' on Linux and |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
451 'unset' on Solaris. If you have OpenSSH >= version 5.4, this should be set to |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
452 'no' to mitigate CVE-2016-0777 and CVE-2016-0778. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
453 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
454 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
455 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
456 sshd_client_alive_interval |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
457 -------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
458 ClientAliveInterval in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
459 Sets a timeout interval in seconds after which if no data has been received from the client, |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
460 sshd(8) will send a message through the encrypted channel to request a response from the |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
461 client. The default is 0, indicating that these messages will not be sent to the client. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
462 This option applies to protocol version 2 only. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
463 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
464 - *Default*: '0' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
465 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
466 sshd_client_alive_count_max |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
467 -------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
468 ClientAliveCountMax in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
469 Sets the number of client alive messages (see below) which may be sent without sshd(8) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
470 receiving any messages back from the client. If this threshold is reached while client alive |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
471 messages are being sent, sshd will disconnect the client, terminating the session. It is |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
472 important to note that the use of client alive messages is very different from TCPKeepAlive |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
473 (below). The client alive messages are sent through the encrypted channel and therefore will |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
474 not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
475 alive mechanism is valuable when the client or server depend on knowing when a connection has |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
476 become inactive. The default value is 3. If ClientAliveInterval (see below) is set to 15, |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
477 and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
478 after approximately 45 seconds. This option applies to protocol version 2 only. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
479 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
480 - *Default*: '3' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
481 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
482 sshd_config_tcp_keepalive |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
483 ------------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
484 TCPKeepAlive in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
485 Specifies whether the system should send TCP keepalive messages to the other side. If they |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
486 are sent, death of the connection or crash of one of the machines will be properly noticed. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
487 However, this means that connections will die if the route is down temporarily, and some |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
488 people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
489 hang indefinitely on the server, leaving ``ghost'' users and consuming server resources. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
490 A value of 'unset' will not add this parameter to the configuration file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
491 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
492 On Linux the default is set to ``yes'' (to send TCP keepalive messages), and the server will |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
493 notice if the network goes down or the client host crashes. This avoids infinitely hanging |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
494 sessions. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
495 On Solaris the default is to not add this parameter to the configuration file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
496 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
497 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
498 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
499 sshd_config_use_privilege_separation |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
500 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
501 UsePrivilegeSeparation in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
502 Causes the SSH process to drop root privileges when not needed. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
503 If specified, valid values are 'yes', 'no' and 'sandbox'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
504 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
505 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
506 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
507 sshd_config_permittunnel |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
508 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
509 PermitTunnel in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
510 Specifies whether tun(4) device forwarding is allowed. The argument must be 'yes', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
511 'point-to-point' (layer 3), 'ethernet' (layer 2), 'no', or 'unset' (parameter not used). |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
512 Specifying 'yes' permits both 'point-to-point' and 'ethernet'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
513 Independent of this setting, the permissions of the selected tun(4) device must |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
514 allow access to the user. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
515 A value of 'unset' will not add this parameter to the configuration file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
516 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
517 On Linux the default is set to ``no''. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
518 On Solaris the default is to not add this parameter to the configuration file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
519 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
520 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
521 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
522 sshd_config_ciphers |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
523 ------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
524 Array of ciphers for the Ciphers setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
525 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
526 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
527 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
528 sshd_config_kexalgorithms |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
529 ------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
530 Array of key exchange algorithms for the KexAlgorithms setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
531 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
532 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
533 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
534 sshd_config_macs |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
535 ---------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
536 Array of macs for the MACs setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
537 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
538 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
539 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
540 sshd_config_denyusers |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
541 --------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
542 Array of users for the DenyUsers setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
543 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
544 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
545 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
546 sshd_config_denygroups |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
547 --------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
548 Array of groups for the DenyGroups setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
549 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
550 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
551 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
552 sshd_config_allowgroups |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
553 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
554 Array of users for the AllowGroups setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
555 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
556 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
557 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
558 sshd_config_allowusers |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
559 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
560 Array of users for the AllowUsers setting in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
561 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
562 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
563 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
564 sshd_config_maxstartups (string) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
565 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
566 Specifies the maximum number of concurrent unauthenticated connections |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
567 to the SSH daemon. Must be a stringified integer or a string with three |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
568 integers separated by colons, such as '10:30:100'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
569 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
570 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
571 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
572 sshd_config_maxsessions |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
573 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
574 Specifies the maximum number of open sessions permitted per network connection. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
575 A value of 'unset' or undef will not add this parameter to the configuration file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
576 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
577 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
578 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
579 sshd_config_chrootdirectory |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
580 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
581 String with absolute path for the ChrootDirectory directive for the SSH daemon. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
582 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
583 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
584 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
585 sshd_config_forcecommand |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
586 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
587 String with command for the ForceCommand directive for the SSH daemon. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
588 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
589 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
590 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
591 sshd_config_match |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
592 ----------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
593 Hash for matches with nested arrays for options for the Match directive for the SSH daemon. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
594 Match directive is supported on SSH >= 5.x. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
595 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
596 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
597 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
598 - *Hiera example*: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
599 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
600 ``` yaml |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
601 ssh::sshd_config_match: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
602 'User JohnDoe': |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
603 - 'AllowTcpForwarding yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
604 'Address 2.4.2.0': |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
605 - 'X11Forwarding yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
606 - 'PasswordAuthentication no' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
607 ``` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
608 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
609 sshd_config_hostcertificate |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
610 --------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
611 An Absolute Path or Array of Absolute Paths to the Host CA Public Key. Each entry *MUST* be tied 1:1 to a Host CA Private Key (see [sshd_config_hostkey](#sshd_config_hostkey)) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
612 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
613 - *Default*: undefined |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
614 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
615 sshd_config_trustedusercakeys |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
616 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
617 Absolute path to the OpenSSH User CA Certificate (TrustedUserCAKeys) for use with SSH CA Validation for Users or the string 'none'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
618 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
619 - *Default*: undefined |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
620 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
621 sshd_config_key_revocation_list |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
622 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
623 Absolute path to a key revocation list (RevokedKeys) for use with SSH CA Validation for Users or the string 'none'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
624 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
625 - *Default*: undefined |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
626 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
627 sshd_config_authorized_principals_file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
628 -------------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
629 String path (relative or absolute) to the `authorized_principals` file. Sets the `AuthorizedPrincipalsFile` setting in `sshd_config` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
630 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
631 See `sshd_config(5)` for more details |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
632 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
633 - *Default*: undefined |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
634 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
635 sshd_config_allowagentforwarding |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
636 -------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
637 AllowAgentForwarding option in sshd_config. Specifies if ssh-agent(1) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
638 forwarding is permitted. Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
639 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
640 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
641 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
642 config_entries |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
643 -------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
644 Hash of config entries for a specific user's ~/.ssh/config. Please check the docs for ssd::config_entry for a list and details of the parameters usable here. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
645 Setting hiera_merge to true will activate merging entries through all levels of hiera. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
646 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
647 - *Hiera example*: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
648 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
649 ``` yaml |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
650 ssh::config_entries: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
651 'root': |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
652 owner: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
653 group: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
654 path: '/root/.ssh/config' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
655 host: 'host.example.local' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
656 ``` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
657 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
658 - *Default*: {} |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
659 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
660 keys |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
661 ---- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
662 Hash of keys for user's ~/.ssh/authorized_keys |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
663 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
664 - *Default*: undefined |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
665 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
666 packages |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
667 -------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
668 Array of package names used for installation. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
669 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
670 - *Default*: Based on OS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
671 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
672 permit_root_login |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
673 ----------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
674 Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-only', and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
675 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
676 - *Default*: yes |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
677 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
678 ssh_config_forward_x11_trusted |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
679 ------------------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
680 ForwardX11Trusted. Determine remote X11 client access to the original X11 display. The option is set to 'yes' on Linux. Valid values are 'yes', 'no', and undef. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
681 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
682 - *Default*: 'USE_DEFAULTS' (Not valid on Solaris.) |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
683 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
684 ssh_package_source |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
685 ------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
686 Source to SSH packages. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
687 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
688 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
689 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
690 ssh_package_adminfile |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
691 --------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
692 Path to admin file for SSH packages. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
693 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
694 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
695 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
696 sshd_gssapiauthentication |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
697 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
698 GSSAPIAuthentication: Enables/disables GSS-API user authentication. Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
699 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
700 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
701 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
702 sshd_gssapikeyexchange |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
703 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
704 GSSAPIKeyExchange: Enables/disables GSS-API-authenticated key exchanges. Valid values are 'yes', 'no', and undef. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
705 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
706 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
707 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
708 sshd_pamauthenticationviakbdint |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
709 ------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
710 PAMAuthenticationViaKBDInt: Use PAM via keyboard interactive method for authentication. Valid values are 'yes', 'no', and undef. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
711 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
712 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
713 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
714 sshd_gssapicleanupcredentials |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
715 ----------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
716 GSSAPICleanupCredentials: Specifies whether to automatically destroy the user's credentials on logout. Default is 'yes' on Linux. Valid values are 'yes', 'no', and undef. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
717 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
718 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
719 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
720 sshd_acceptenv |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
721 ------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
722 Boolean to enable AcceptEnv options for specifying environment variables. Default is set to true on Linux. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
723 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
724 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
725 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
726 sshd_hostbasedauthentication |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
727 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
728 String for HostbasedAuthentication option in sshd_config. Valid values are 'yes' and 'no'. Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). This option is similar to RhostsRSAAuthentication and applies to protocol version 2 only. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
729 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
730 - *Default*: 'no' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
731 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
732 sshd_pubkeyacceptedkeytypes |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
733 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
734 Array of public key types to be used with the PubkeyAcceptedKeyTypes option in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
735 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
736 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
737 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
738 sshd_pubkeyauthentication |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
739 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
740 String for PubkeyAuthentication option in sshd_config. Valid values are 'yes' and 'no'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
741 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
742 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
743 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
744 sshd_ignoreuserknownhosts |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
745 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
746 String for IgnoreUserKnownHosts option in sshd_config. Valid values are 'yes' and 'no'. Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts during RhostsRSAAuthentication or HostbasedAuthentication. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
747 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
748 - *Default*: 'no' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
749 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
750 sshd_config_authenticationmethods |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
751 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
752 Array of AuthenticationMethods in sshd_config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
753 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
754 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
755 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
756 sshd_ignorerhosts |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
757 ------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
758 String for IgnoreRhosts option in sshd_config. Valid values are 'yes' and 'no'. Specifies that .rhosts and .shosts files will not be used in RhostsRSAAuthentication or HostbasedAuthentication though /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
759 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
760 - *Default*: 'yes' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
761 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
762 purge_keys |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
763 ---------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
764 Remove keys not managed by puppet. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
765 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
766 - *Default*: 'true' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
767 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
768 manage_firewall |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
769 --------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
770 Open firewall for SSH service. Not used on Solaris. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
771 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
772 - *Default*: false |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
773 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
774 service_ensure |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
775 -------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
776 Ensure SSH service is running. Valid values are 'stopped' and 'running'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
777 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
778 - *Default*: 'running' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
779 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
780 service_name |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
781 ------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
782 Name of the SSH service. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
783 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
784 - *Default*: Based on OS |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
785 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
786 service_enable |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
787 -------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
788 Start SSH at boot. Valid values are 'true', 'false' and 'manual'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
789 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
790 - *Default*: 'true' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
791 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
792 service_hasrestart |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
793 ------------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
794 Specify that the init script has a restart command. Valid values are 'true' and 'false'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
795 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
796 - *Default*: 'true' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
797 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
798 service_hasstatus |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
799 ----------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
800 Boolean to declare whether the service's init script has a functional status command. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
801 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
802 - *Default*: 'USE_DEFAULTS' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
803 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
804 ssh_key_ensure |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
805 -------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
806 Export node SSH key. Valid values are 'present' and 'absent'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
807 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
808 - *Default*: 'present' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
809 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
810 ssh_key_import |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
811 -------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
812 Import all exported node SSH keys. Valid values are 'true' and 'false'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
813 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
814 - *Default*: 'true' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
815 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
816 ssh_key_type |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
817 ------------ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
818 Encryption type for SSH key. Valid values are 'ecdsa-sha2-nistp256', 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
819 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
820 - *Default*: 'ssh-rsa' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
821 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
822 ssh_config_global_known_hosts_file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
823 ---------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
824 File of the global known_hosts file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
825 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
826 - *Default*: '/etc/ssh/ssh_known_hosts' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
827 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
828 ssh_config_global_known_hosts_list |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
829 ---------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
830 Array of additional known_hosts files to be added to GlobalKnownHostsFile |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
831 option together with `ssh_config_global_known_hosts_file`. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
832 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
833 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
834 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
835 ssh_config_global_known_hosts_owner |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
836 ---------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
837 Owner of the global known_hosts file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
838 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
839 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
840 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
841 ssh_config_global_known_hosts_group |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
842 ---------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
843 Group of the global known_hosts file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
844 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
845 - *Default*: 'root' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
846 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
847 ssh_config_global_known_hosts_mode |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
848 ---------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
849 File mode of the global known_hosts file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
850 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
851 - *Default*: '0644' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
852 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
853 ssh_config_user_known_hosts_file |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
854 -------------------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
855 Array of user's known_hosts files used in the ssh config option |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
856 UserKnownHostsFile. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
857 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
858 - *Default*: undef |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
859 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
860 manage_root_ssh_config |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
861 ---------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
862 Manage SSH config of root. Valid values are 'true' and 'false'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
863 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
864 - *Default*: 'false' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
865 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
866 root_ssh_config_content |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
867 ----------------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
868 Content of root's ~/.ssh/config. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
869 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
870 - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n" |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
871 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
872 manage_service |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
873 -------------- |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
874 Manage the sshd service through this module or not. Valid values are 'true' and 'false'. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
875 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
876 - *Default*: 'true' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
877 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
878 === |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
879 # Manage user's ssh_authorized_keys |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
880 This works by passing the ssh::keys hash to the ssh_authorized_keys type with create_resources(). Because of this, you may specify any valid parameter for ssh_authorized_key. See the [Type Reference](http://docs.puppetlabs.com/references/stable/type.html#ssh_authorized_key) for a complete list. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
881 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
882 ## Sample usage: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
883 Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
884 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
885 ``` yaml |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
886 ssh::keys: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
887 root_for_userX: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
888 ensure: present |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
889 user: root |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
890 type: dsa |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
891 key: AAAA...== |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
892 apachehup: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
893 ensure: present |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
894 user: apachehup |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
895 type: rsa |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
896 key: 'AAAA...==' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
897 options: 'command="/sbin/service httpd restart"' |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
898 root_for_userY: |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
899 ensure: absent |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
900 user: root |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
901 ``` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
902 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
903 Manage config entries in a personal ssh/config file. |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
904 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
905 ``` |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
906 Ssh::Config_entry { |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
907 ensure => present, |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
908 path => '/home/jenkins/.ssh/config', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
909 owner => 'jenkins', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
910 group => 'jenkins', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
911 } |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
912 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
913 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
914 ssh::config_entry { 'jenkins *': |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
915 host => '*', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
916 lines => [ |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
917 ' ForwardX11 no', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
918 ' StrictHostKeyChecking no', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
919 ], |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
920 order => '10', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
921 } |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
922 |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
923 ssh::config_entry { 'jenkins github.com': |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
924 host => 'github.com', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
925 lines => [" IdentityFile /home/jenkins/.ssh/jenkins-gihub.key"], |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
926 order => '20', |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
927 } |
|
d9009f54eb23
Migrate to a fully-fledged SSH module
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
928 ``` |