aboutsummaryrefslogtreecommitdiff
path: root/manifests/init.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp187
1 files changed, 102 insertions, 85 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 8489a6a..83b26c1 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -28,6 +28,13 @@
# $sshd_use_pam = yes
# include sshd::debian
#
+# If you need to install a version of the ssh daemon or client package other than
+# the default one that would be installed by 'ensure => installed', then you can
+# set the following variables:
+#
+# $sshd_ensure_version = "1:5.2p2-6"
+# $ssh_ensure_version = "1:5.2p2-6"
+#
# The following is a list of the currently available variables:
#
# sshd_listen_address: specify the addresses sshd should listen on
@@ -113,95 +120,105 @@
# Might be interesting for sftponly usage
# Default: empty -> no change of the default
#
-# sshd_additional_options: Set this to any additional sshd_options which aren't listed above.
-# As well this option might be usefull to define complexer Match Blocks
-# This string is going to be included, like it is defined. So take care!
-# Default: empty -> not added.
+# sshd_head_additional_options: Set this to any additional sshd_options which aren't listed above.
+# Anything set here will be added to the beginning of the sshd_config file.
+# This option might be useful to define complicated Match Blocks
+# This string is going to be included, like it is defined. So take care!
+# Default: empty -> not added.
+#
+# sshd_tail_additional_options: Set this to any additional sshd_options which aren't listed above.
+# Anything set here will be added to the end of the sshd_config file.
+# This option might be useful to define complicated Match Blocks
+# This string is going to be included, like it is defined. So take care!
+# Default: empty -> not added.
class sshd {
- # prepare variables to use in templates
- case $sshd_listen_address {
- '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
- }
- case $sshd_allowed_users {
- '': { $sshd_allowed_users = '' }
- }
- case $sshd_allowed_groups {
- '': { $sshd_allowed_groups = '' }
- }
- case $sshd_use_pam {
- '': { $sshd_use_pam = 'no' }
- }
- case $sshd_permit_root_login {
- '': { $sshd_permit_root_login = 'without-password' }
- }
- case $sshd_password_authentication {
- '': { $sshd_password_authentication = 'no' }
- }
- case $sshd_tcp_forwarding {
- '': { $sshd_tcp_forwarding = 'no' }
- }
- case $sshd_x11_forwarding {
- '': { $sshd_x11_forwarding = 'no' }
- }
- case $sshd_agent_forwarding {
- '': { $sshd_agent_forwarding = 'no' }
- }
- case $sshd_challenge_response_authentication {
- '': { $sshd_challenge_response_authentication = 'no' }
- }
- case $sshd_pubkey_authentication {
- '': { $sshd_pubkey_authentication = 'yes' }
- }
- case $sshd_rsa_authentication {
- '': { $sshd_rsa_authentication = 'no' }
- }
- case $sshd_strict_modes {
- '': { $sshd_strict_modes = 'yes' }
- }
- case $sshd_ignore_rhosts {
- '': { $sshd_ignore_rhosts = 'yes' }
- }
- case $sshd_rhosts_rsa_authentication {
- '': { $sshd_rhosts_rsa_authentication = 'no' }
- }
- case $sshd_hostbased_authentication {
- '': { $sshd_hostbased_authentication = 'no' }
- }
- case $sshd_permit_empty_passwords {
- '': { $sshd_permit_empty_passwords = 'no' }
- }
- case $sshd_port {
- '': { $sshd_port = 22 }
- }
- case $sshd_authorized_keys_file {
- '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
- }
- case $sshd_sftp_subsystem {
- '': { $sshd_sftp_subsystem = '' }
- }
- case $sshd_additional_options {
- '': { $sshd_additional_options = '' }
- }
-
- include sshd::client
+ # prepare variables to use in templates
+ case $sshd_listen_address {
+ '': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
+ }
+ case $sshd_allowed_users {
+ '': { $sshd_allowed_users = '' }
+ }
+ case $sshd_allowed_groups {
+ '': { $sshd_allowed_groups = '' }
+ }
+ case $sshd_use_pam {
+ '': { $sshd_use_pam = 'no' }
+ }
+ case $sshd_permit_root_login {
+ '': { $sshd_permit_root_login = 'without-password' }
+ }
+ case $sshd_password_authentication {
+ '': { $sshd_password_authentication = 'no' }
+ }
+ case $sshd_tcp_forwarding {
+ '': { $sshd_tcp_forwarding = 'no' }
+ }
+ case $sshd_x11_forwarding {
+ '': { $sshd_x11_forwarding = 'no' }
+ }
+ case $sshd_agent_forwarding {
+ '': { $sshd_agent_forwarding = 'no' }
+ }
+ case $sshd_challenge_response_authentication {
+ '': { $sshd_challenge_response_authentication = 'no' }
+ }
+ case $sshd_pubkey_authentication {
+ '': { $sshd_pubkey_authentication = 'yes' }
+ }
+ case $sshd_rsa_authentication {
+ '': { $sshd_rsa_authentication = 'no' }
+ }
+ case $sshd_strict_modes {
+ '': { $sshd_strict_modes = 'yes' }
+ }
+ case $sshd_ignore_rhosts {
+ '': { $sshd_ignore_rhosts = 'yes' }
+ }
+ case $sshd_rhosts_rsa_authentication {
+ '': { $sshd_rhosts_rsa_authentication = 'no' }
+ }
+ case $sshd_hostbased_authentication {
+ '': { $sshd_hostbased_authentication = 'no' }
+ }
+ case $sshd_permit_empty_passwords {
+ '': { $sshd_permit_empty_passwords = 'no' }
+ }
+ case $sshd_port {
+ '': { $sshd_port = 22 }
+ }
+ case $sshd_authorized_keys_file {
+ '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
+ }
+ case $sshd_sftp_subsystem {
+ '': { $sshd_sftp_subsystem = '' }
+ }
+ case $sshd_head_additional_options {
+ '': { $sshd_head_additional_options = '' }
+ }
+ case $sshd_tail_additional_options {
+ '': { $sshd_tail_additional_options = '' }
+ }
+ case $sshd_ensure_version {
+ '': { $sshd_ensure_version = "present" }
+ }
- case $operatingsystem {
- gentoo: { include sshd::gentoo }
- redhat,centos: { include sshd::redhat }
- centos: { include sshd::centos }
- openbsd: { include sshd::openbsd }
- debian,ubuntu: { include sshd::debian }
- default: { include sshd::default }
- }
+ include sshd::client
- if $use_nagios {
- if $nagios_check_ssh {
- nagios::service{ "ssh_${fqdn}_port_${sshd_port}": check_command => "ssh_port!$sshd_port" }
- }
- }
+ case $operatingsystem {
+ gentoo: { include sshd::gentoo }
+ redhat,centos: { include sshd::redhat }
+ centos: { include sshd::centos }
+ openbsd: { include sshd::openbsd }
+ debian,ubuntu: { include sshd::debian }
+ default: { include sshd::default }
+ }
- if $use_shorewall{
- include shorewall::rules::ssh
+ if $use_nagios {
+ case $nagios_check_ssh {
+ 'false': { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
+ default: { nagios::service{ "ssh_${fqdn}_port_${sshd_port}": check_command => "ssh_port!$sshd_port" } }
}
+ }
}