# SSH server subsystem.
#
# Declares the ::sshd class with settings looked up through hiera(); the
# second argument of each hiera() call is the fallback used when the key is
# not defined in the hierarchy. Also publishes this host's RSA host key as a
# known-hosts entry for localhost.
class nodo::subsystem::sshd {

  class { '::sshd':
    # Network exposure. The listen address is restricted by default so that
    # multiple instances can live together on the same physical host.
    listen_address          => hiera('nodo::subsystem::sshd::listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
    ports                   => hiera('nodo::subsystem::sshd::ports', [ 22 ]),
    shared_ip               => hiera('nodo::subsystem::sshd::shared_ip', 'yes'),

    # Authentication.
    # NOTE(review): password logins fall back to 'yes' and PAM to 'no'.
    # Presumably these map onto the sshd_config options of the same name;
    # nodes that only need key-based logins should set
    # nodo::subsystem::sshd::password_authentication to 'no' in Hiera.
    password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
    use_pam                 => hiera('nodo::subsystem::sshd::use_pam', 'no'),
    hardened                => hiera('nodo::subsystem::sshd::hardened', 'yes'),

    # Forwarding.
    # NOTE(review): TCP forwarding falls back to 'yes' while X11 forwarding
    # falls back to 'no'; confirm that port forwarding is wanted on every
    # node that includes this class.
    tcp_forwarding          => hiera('nodo::subsystem::sshd::tcp_forwarding', 'yes'),
    x11_forwarding          => hiera('nodo::subsystem::sshd::x11_forwarding', 'no'),

    # Presentation and monitoring.
    print_motd              => hiera('nodo::subsystem::sshd::print_motd', 'no'),
    manage_nagios           => hiera('nodo::subsystem::sshd::manage_nagios', false),

    # NOTE(review): this key has no '::sshd' segment, unlike the others;
    # it looks like a subsystem-wide switch, confirm that is intended.
    use_storedconfigs       => hiera('nodo::subsystem::use_storedconfigs', false),
  }

  # Register the local RSA host key under the names 'localhost' and
  # '127.0.0.1', useful when one needs to ssh to localhost. The entries are
  # removed when the sshrsakey fact is an empty string.
  sshkey { [ 'localhost', '127.0.0.1' ]:
    ensure => $::sshrsakey ? {
      ''      => absent,
      default => present,
    },
    type   => ssh-rsa,
    key    => $::sshrsakey,
  }
}