Diffstat (limited to 'manifests/subsystem/sshd.pp')
| -rw-r--r-- | manifests/subsystem/sshd.pp | 29 | 
1 files changed, 29 insertions, 0 deletions
diff --git a/manifests/subsystem/sshd.pp b/manifests/subsystem/sshd.pp
new file mode 100644
index 0000000..80c6747
--- /dev/null
+++ b/manifests/subsystem/sshd.pp
@@ -0,0 +1,29 @@
+class nodo::subsystem::sshd {
+  # SSH Server
+  #
+  # We need to restrict listen address by default so multiple
+  # instances can live together in the same physical host.
+  #
+  class { 'sshd':
+    manage_nagios           => hiera('nodo::subsystem::sshd::manage_nagios',           false),      
+    listen_address          => hiera('nodo::subsystem::sshd::listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
+    password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
+    shared_ip               => hiera('nodo::subsystem::sshd::shared_ip',               'yes'),
+    tcp_forwarding          => hiera('nodo::subsystem::sshd::tcp_forwarding',          'yes'),
+    hardened_ssl            => hiera('nodo::subsystem::sshd::hardened_ssl',            'yes'),
+    print_motd              => hiera('nodo::subsystem::sshd::print_motd',              'no'),
+    ports                   => hiera('nodo::subsystem::sshd::ports',                   [ 22 ]),
+    use_pam                 => hiera('nodo::subsystem::sshd::use_pam',                 'no'),
+  }
+
+  # Add the localhost ssh key, useful when one needs
+  # to ssh to localhost.
+  sshkey { [ 'localhost', '127.0.0.1' ]:
+    type   => ssh-rsa,
+    key    => $::sshrsakey,
+    ensure => $::sshrsakey ? {
+      ''      => absent,
+      default => present,
+    },
+  }
+}
|
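Review bot: The fallback values in the `class { 'sshd': }` block leave `password_authentication` and `tcp_forwarding` at `'yes'` whenever hiera has no entry, while the default `listen_address` includes `${::ipaddress}`, so a node with no hiera data accepts password logins and port forwarding on its primary address. Unless the deployment relies on that, safer fallbacks would be `hiera('nodo::subsystem::sshd::password_authentication', 'no')` and `hiera('nodo::subsystem::sshd::tcp_forwarding', 'no')`, with sites that need them opting in through hiera. How the `sshd` class treats `use_pam => 'no'` together with password authentication is not visible here and is worth confirming. A short comment above the block stating which defaults are deliberate would also help, since the existing comment explains only `listen_address`.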
