annotate modules/ssh/README.md @ 478:adf6fe9bbc17

Update Puppet modules to latest versions
author IBBoard <dev@ibboard.co.uk>
date Thu, 29 Aug 2024 18:47:29 +0100
parents 385:d9009f54eb23 Migrate to a fully-fledged SSH module

# puppet-module-ssh

Manage ssh client and server.

This module is based on the OpenSSH v7.0 implementation. All parameters that are described in the
man pages are available to this module with the exception of the Match parameter. Some SSH
implementations do provide extra features and use additional parameters. These deviations can
still be managed with the help of the `$custom` parameter. This freetext parameter allows you to add
any lines to ssh_config and sshd_config that you wish to.

This module may be used with a simple `include ::ssh`

The `ssh::config_entry` defined type may be used directly and is used to manage
Host entries in a personal `~/.ssh/config` file.

#### Table of Contents
1. [Compatibility](#compatibility)
1. [Parameters](#parameters)
1. [Examples](#sample-usage)
1. [Upgrading](#upgrading)
1. [Contributing](#contributing)

## Compatibility

This module officially supports the platforms listed in the
`metadata.json`. It does not fail on unsupported platforms and has been
known to work on many, many platforms since its creation in 2010.

### Known to work

* Archlinux
* Debian 10
* Debian 11
* EL 7
* EL 8
* EL 9
* Ubuntu 18.04 LTS
* Ubuntu 20.04 LTS
* Ubuntu 22.04 LTS
* Solaris 10
* Solaris 11

### SunSSH
If you use the Sun Solaris SSH, please keep in mind that not all parameters can be used.

Unsupported parameters for ssh_config:
AddressFamily, Tunnel, TunnelDevice, PermitLocalCommand, HashKnownHosts

Unsupported parameters for sshd_config:
KerberosOrLocalPasswd, KerberosTicketCleanup, KerberosGetAFSToken, TCPKeepAlive, ShowPatchLevel,
MaxSessions, PermitTunnel

# Parameters
A value of `undef` will use the defaults specified by the module. See `data/os/` for the actual
default settings for supported operating systems.

Please keep in mind that this module does not include any sanity checks. Depending on the
parameters and values that are set and on the running version of SSH, the resulting configuration
could stop SSH from working.

See [REFERENCE.md](REFERENCE.md) for a list of all parameters.

# Manage user's ssh_authorized_keys
The hash `ssh::keys` is passed to the `ssh_authorized_key` type. Because of this, you may specify
any valid parameter for `ssh_authorized_key`.
See the [Type Reference](https://github.com/puppetlabs/puppetlabs-sshkeys_core/blob/main/REFERENCE.md#ssh_authorized_key)
for a complete list.

## Sample usage:
Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera.

``` yaml
ssh::keys:
  root_for_userX:
    ensure: present
    user: root
    type: dsa  # ssh-dss; disabled by default since OpenSSH 7.0
    key: AAAA...==
  # The forced command limits this key to restarting httpd
  apachehup:
    ensure: present
    user: apachehup
    type: rsa
    key: 'AAAA...=='
    options: 'command="/sbin/service httpd restart"'
  root_for_userY:
    ensure: absent
    user: root
```

Manage config entries in a personal ssh/config file.

```
# Resource defaults shared by the entries below
Ssh::Config_entry {
  ensure => present,
  path   => '/home/jenkins/.ssh/config',
  owner  => 'jenkins',
  group  => 'jenkins',
}


# 'StrictHostKeyChecking no' turns off host key verification for every host
# matched by this entry
ssh::config_entry { 'jenkins *':
  host  => '*',
  lines => [
    ' ForwardX11 no',
    ' StrictHostKeyChecking no',
  ],
  order => '10',
}

ssh::config_entry { 'jenkins github.com':
  host  => 'github.com',
  lines => [" IdentityFile /home/jenkins/.ssh/jenkins-gihub.key"],
  order => '20',
}
```

# Manage configuration files in .d directories
SSH supports configuration files in .d directories via the `include` directive. This module enables you to also manage these files. You need to set directives for the server (e.g. /etc/ssh/sshd_config.d) and client (e.g. /etc/ssh/ssh_config.d) parts separately, as they support different directives.

You can activate the management by ensuring `$include` is defined and passing a hash with the needed SSH directives and their values.
Directives can be passed as a hash via the `$ssh::config_files` and `$ssh::server::config_files` parameters. Directives passed as a hash via `lines` will be checked for correct names and values. Directives passed as an array via `custom` will not be checked and will be added to the configuration file as they are, similar to the main configuration files.

Different file permissions can be specified via `owner`, `group`, or `mode`.
You can remove a file by setting `ensure` to `absent`.

## Sample usage:
Manage the client configuration file /etc/ssh/ssh_config.d/50-redhat.conf with some directives and default file permissions (0644 root:root).
``` yaml
ssh::include: /etc/ssh/ssh_config.d/*.conf
ssh::config_files:
  '50-redhat':
    lines:
      Match: 'final all'
      Include: '/etc/crypto-policies/back-ends/openssh.config'
      GSSAPIAuthentication: 'yes'
      ForwardX11Trusted: 'yes'
```

Manage the server configuration file /etc/ssh/sshd_config.d/50-redhat.conf with some directives and default file permissions (0600 root:root).
``` yaml
ssh::server::include: /etc/ssh/sshd_config.d/*.conf
ssh::server::config_files:
  '50-redhat':
    lines:
      Include: '/etc/crypto-policies/back-ends/opensshserver.config'
      SyslogFacility: 'AUTHPRIV'
      ChallengeResponseAuthentication: 'no'
      GSSAPIAuthentication: 'yes'
      GSSAPICleanupCredentials: 'no'
      UsePAM: 'yes'
      X11Forwarding: 'yes'
      PrintMotd: 'no'
```
You can also specify different file permissions by setting `$owner`, `$group`, or `$mode` accordingly:
``` yaml
ssh::include: /etc/ssh/ssh_config.d/*.conf
ssh::config_files:
  '50-redhat':
    owner: 'name'
    group: 'group'
    mode: '0664'
    lines:
      Match: 'final all'
      GSSAPIAuthentication: 'yes'
```
Using directives that are not supported by this module:
``` yaml
ssh::include: /etc/ssh/ssh_config.d/*.conf
ssh::config_files:
  '50-redhat':
    custom:
      - 'Directive1 Value1'
      - 'Directive2 Value2'
```

Remove the file /etc/ssh/ssh_config.d/50-redhat.conf:
``` yaml
ssh::include: /etc/ssh/ssh_config.d/*.conf
ssh::config_files:
  '50-redhat':
    ensure: 'absent'
```
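
Whether a managed drop-in takes effect depends on where the `Include` line sits: sshd keeps the first value it obtains for each keyword and expands an `Include` glob in lexical order at the point where the directive appears. The following is an added example, not part of this module: it resolves the effective global settings for an in-memory main file plus drop-ins and reports the settings that were ignored. The file contents, the `99-local.conf` drop-in, all function names and the plain `Keyword value` rendering of the `lines` hash are assumptions made for illustration; only `*` globs and global scope (up to the first `Match`) are handled, and keywords that accumulate values such as `Port` are not special-cased.

```python
"""Added example: which value does sshd end up with when drop-ins are in play?

Global scope only: directives after a Match line are conditional and are skipped.
All file contents are constructed sample data held in memory; 50-redhat.conf
mirrors the server drop-in from the sample usage above (assumed rendering).
"""
import re

DIRECTIVE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def parse(text):
    """Yield (keyword, value) pairs; sshd_config keywords are case-insensitive."""
    for raw in text.splitlines():
        m = DIRECTIVE.match(raw.strip())
        if m:  # blank lines and '#' comments never match
            yield m.group(1).lower(), m.group(2).strip()


def expand(pattern, files):
    """Expand an Include pattern against the known paths, in lexical order."""
    if not pattern.startswith("/"):
        pattern = "/etc/ssh/" + pattern  # relative includes live under /etc/ssh
    # Only '*' is supported here, and it does not cross a '/'.
    rx = re.compile("[^/]*".join(map(re.escape, pattern.split("*"))) + r"\Z")
    return sorted(p for p in files if rx.match(p))


def resolve(main, files):
    """Return (effective, shadowed) for the global section.

    effective: {keyword: (value, file)} under the first-value-wins rule.
    shadowed:  [(keyword, value, file, winning_file)] for ignored settings.
    """
    effective, shadowed = {}, []

    def walk(path, depth):
        if depth > 16:  # guard against include loops
            raise ValueError("Include nesting too deep at " + path)
        for key, value in parse(files[path]):
            if key == "match":
                return  # the rest of this file is conditional
            if key == "include":
                for pattern in value.split():
                    for inc in expand(pattern, files):
                        walk(inc, depth + 1)
            elif key in effective:
                shadowed.append((key, value, path, effective[key][1]))
            else:
                effective[key] = (value, path)

    walk(main, 0)
    return effective, shadowed


DROPIN_50 = """\
Include /etc/crypto-policies/back-ends/opensshserver.config
SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
UsePAM yes
X11Forwarding yes
PrintMotd no
"""
DROPIN_99 = "X11Forwarding no\nPermitRootLogin no\n"  # constructed hardening attempt


def sample(include_first):
    """Constructed file set; the Include line sits first or last in the main file."""
    body = "PermitRootLogin prohibit-password\nX11Forwarding no\n"
    inc = "Include /etc/ssh/sshd_config.d/*.conf\n"
    return {
        "/etc/ssh/sshd_config": inc + body if include_first else body + inc,
        "/etc/ssh/sshd_config.d/50-redhat.conf": DROPIN_50,
        "/etc/ssh/sshd_config.d/99-local.conf": DROPIN_99,
    }


if __name__ == "__main__":
    for first in (True, False):
        eff, lost = resolve("/etc/ssh/sshd_config", sample(first))
        print("Include first" if first else "Include last")
        for k in ("x11forwarding", "permitrootlogin"):
            value, src = eff[k]
            print(f"  {k:<16} {value:<18} from {src}")
        for key, value, path, winner in lost:
            print(f"  ignored: {key} {value} in {path} (already set by {winner})")
```

With the `Include` line first, `X11Forwarding yes` from `50-redhat.conf` wins over both the later `99-local.conf` and the main file; with the `Include` line last, the main file's values win and every drop-in setting it duplicates is ignored.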

## Upgrading

The SSH module v4 was completely rewritten. In this process all parameters for the SSH configuration
files have been renamed. Users that want to upgrade need to change their running configuration.
To make your upgrade easier there is a list of old and new parameter names.
Consult [UPGRADING.md](UPGRADING.md)


## Contributing

Please check [CONTRIBUTING.md](CONTRIBUTING.md)