Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base.pp | 22 | ||||
-rw-r--r-- | manifests/client.pp | 9 | ||||
-rw-r--r-- | manifests/client/base.pp | 5 | ||||
-rw-r--r-- | manifests/init.pp | 18 | ||||
-rw-r--r-- | manifests/ssh_authorized_key.pp | 4 |
5 files changed, 44 insertions, 14 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 2ac2385..848e547 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -10,18 +10,24 @@ class sshd::base { } # Now add the key, if we've got one - case $sshrsakey_key { + case $sshrsakey { '': { info("no sshrsakey on $fqdn") } default: { - @@sshkey{"$hostname.$domain": - type => ssh-rsa, - key => $sshrsakey_key, + @@sshkey{"$fqdn": + tag => "fqdn", + type => ssh-rsa, + key => $sshrsakey, ensure => present, } - @@sshkey{"$ipaddress": - type => ssh-rsa, - key => $sshrsakey, - ensure => present, + # In case the node has uses a shared network address, + # we don't define a sshkey resource using an IP address + if $sshd_shared_ip == "no" { + @@sshkey{"$ipaddress": + tag => "ipaddress", + type => ssh-rsa, + key => $sshrsakey, + ensure => present, + } } } } diff --git a/manifests/client.pp b/manifests/client.pp index 31785e9..5eed5fc 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,16 +1,23 @@ # manifests/client.pp class sshd::client { + + case $sshd_shared_ip { + '': { $sshd_shared_ip = "no" } + } + case $operatingsystem { debian,ubuntu: { include sshd::client::debian } default: { case $kernel { linux: { include sshd::client::linux } - default: { include sshd::client::base } + default: { include sshd::client::base } } } } + if $use_shorewall{ include shorewall::rules::out::ssh } + } diff --git a/manifests/client/base.pp b/manifests/client/base.pp index 64d4f6f..1fe2b14 100644 --- a/manifests/client/base.pp +++ b/manifests/client/base.pp @@ -4,5 +4,8 @@ class sshd::client::base { } # Now collect all server keys - Sshkey <<||>> + case $sshd_shared_ip { + no: { Sshkey <<||>> } + yes: { Sshkey <<| tag == "fqdn" |>> } + } } diff --git a/manifests/init.pp b/manifests/init.pp index 991fbba..8b3361c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
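Review bot: In manifests/base.pp the new guard `if $sshd_shared_ip == "no"` and, in manifests/client/base.pp, the new `case $sshd_shared_ip` with only `no` and `yes` branches both act on exact string values. Any other setting (empty in a scope where the default was not applied, `true`, `No`) therefore silently exports no IP-keyed entry and collects no host keys at all. A client left without collected `Sshkey` resources has no managed known_hosts entries and falls back to whatever host-key checking its own ssh configuration does. I would add a `default: { fail("sshd_shared_ip must be 'yes' or 'no'") }` branch to the case in client/base.pp and document the two accepted values next to the guard in base.pp. Both class bodies start outside their hunks.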
@@ -77,6 +77,9 @@ class sshd { case $sshd_authorized_keys_file { '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" } } + case $sshd_hardened_ssl { + '': { $sshd_hardened_ssl = 'no' } + } case $sshd_sftp_subsystem { '': { $sshd_sftp_subsystem = '' } } @@ -89,8 +92,19 @@ class sshd { case $sshd_ensure_version { '': { $sshd_ensure_version = "present" } } + case $sshd_print_motd { + '': { + case $operatingsystem { + debian,ubuntu: { $sshd_print_motd = "no" } + default: { $sshd_print_motd = "yes" } + } + } + } + case $sshd_shared_ip { + '': { $sshd_shared_ip = "no" } + } - include sshd::client + include sshd::client case $operatingsystem { gentoo: { include sshd::gentoo } @@ -98,7 +112,7 @@ class sshd { centos: { include sshd::centos } openbsd: { include sshd::openbsd } debian,ubuntu: { include sshd::debian } - default: { include sshd::default } + default: { include sshd::base } } if $use_nagios { diff --git a/manifests/ssh_authorized_key.pp b/manifests/ssh_authorized_key.pp index bf188d8..40649b0 100644 --- a/manifests/ssh_authorized_key.pp +++ b/manifests/ssh_authorized_key.pp @@ -3,7 +3,7 @@ define sshd::ssh_authorized_key( $ensure = 'present', $type = 'ssh-dss', $key = 'absent', - $user = 'root', + $user = '', $target = undef, $options = 'absent' ){ @@ -22,7 +22,7 @@ define sshd::ssh_authorized_key( undef,'': { case $real_user { 'root': { $real_target = '/root/.ssh/authorized_keys' } - default: { $real_target = "/home/${user}/.ssh/authorized_keys" } + default: { $real_target = "/home/${real_user}/.ssh/authorized_keys" } } } default: { |
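Review bot: In manifests/init.pp the new `$sshd_hardened_ssl` default has no comment saying what the switch controls, and it is set to 'no', which makes the hardened configuration opt-in. None of the manifest hunks shown here reads the variable, so it is presumably consumed by a template outside this diffstat. A comment above the case such as `# sshd_hardened_ssl: 'yes' selects the hardened settings in the sshd_config template; defaults to 'no'` would let an operator find it. The name also says SSL in a module that configures SSH, which is worth a word in the same comment. The body of class sshd starts and ends outside this hunk.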
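Review bot: In manifests/ssh_authorized_key.pp, changing the `$user` default from 'root' to '' alters which account receives the key for every existing declaration that omitted `user`, and nothing in the hunk documents the new meaning of the empty value. The assignment of `$real_user` lies between the two hunks and is not shown, so presumably an empty `$user` now falls back to the resource title. Since this decides whose authorized_keys file is written, I would add a comment on the parameter, for example `# user: account that receives the key; '' falls back to <fallback>, no longer to root`, and mention the change in the commit message.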
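Review bot: The corrected default target `"/home/${real_user}/.ssh/authorized_keys"` in manifests/ssh_authorized_key.pp still assumes every non-root account lives under /home, so for an account whose home directory is elsewhere the key is written to a file sshd never reads. The `$target` parameter already covers this case, but nothing says so. A comment above the `default:` branch such as `# assumes /home/<user>; pass target for accounts with another home directory` would do. The enclosing case statement continues past the end of the hunk.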