# Wrapper class that declares the ::sshd module for a nodo-managed host and
# publishes the host's own RSA key under the localhost names.
#
# Each ::sshd parameter is read from Hiera under the key
# nodo::subsystem::sshd::<parameter>; the second argument of every hiera()
# call is the fallback used when that key is not set.
#
# Fallbacks a reviewer should look at before relying on them (what each
# setting does inside ::sshd is not visible here, so confirm against that
# module):
#   - password_authentication falls back to 'yes'; hosts meant to be
#     key-only presumably need it set to 'no' in Hiera.
#   - tcp_forwarding falls back to 'yes'.
#   - use_pam falls back to 'no'.
class nodo::subsystem::sshd {
  # The listen address is restricted by default so that several instances
  # can share one physical host: only the primary address fact and the
  # loopback address are used unless Hiera overrides the list.
  class { '::sshd':
    manage_nagios           => hiera('nodo::subsystem::sshd::manage_nagios', false),
    listen_address          => hiera('nodo::subsystem::sshd::listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
    password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
    shared_ip               => hiera('nodo::subsystem::sshd::shared_ip', 'yes'),
    tcp_forwarding          => hiera('nodo::subsystem::sshd::tcp_forwarding', 'yes'),
    x11_forwarding          => hiera('nodo::subsystem::sshd::x11_forwarding', 'no'),
    hardened_ssl            => hiera('nodo::subsystem::sshd::hardened_ssl', 'yes'),
    print_motd              => hiera('nodo::subsystem::sshd::print_motd', 'no'),
    ports                   => hiera('nodo::subsystem::sshd::ports', [ 22 ]),
    use_pam                 => hiera('nodo::subsystem::sshd::use_pam', 'no'),
  }

  # An empty sshrsakey fact means there is no RSA host key to publish, so
  # the localhost entries are removed rather than written with an empty key.
  if $::sshrsakey == '' {
    $localhost_key_ensure = absent
  } else {
    $localhost_key_ensure = present
  }

  # Register the host's own RSA key for 'localhost' and '127.0.0.1', which
  # is useful when one needs to ssh to localhost.
  sshkey { [ 'localhost', '127.0.0.1' ]:
    ensure => $localhost_key_ensure,
    type   => 'ssh-rsa',
    key    => $::sshrsakey,
  }
}