This module installs and configures ssh client/server.
Some features:
- export/import ssh host keys based on
$environmentPuppet variable - only root can manage ssh_authorized_keys for users (
/etc/ssh/authorized_keys/<username>) - purges unknown sshkey resources
Sshd configuration:
- only protocol 2
- only IPv4
- internal sftp subsystem
- disable password authorization
- only PubKey auth (root account too)
Install ssh client and server.
include ssh
Install ssh client and export host key for current $environment.
Add 'localhost' key to known hosts.
include ssh::client
Class ssh::client modified to import ssh host keys from all environments. Suitable for puppet master host or other all-environment nodes.
include ssh::client::allenv
This module install ssh server and configure it as mentioned in module description.
Host key is exported with for-env-${environment} tag.
include ssh::server
Provide system dependent variables for other classes in this module.
- Debian (tested on squeeze)
- Ubuntu (untested, should work)
New provider for ssh_authorized_key type that put authorized_keys files with
proper permissions in /etc/ssh/authorized_keys directory.
File mode and ownership example:
-rw-r----- 1 root demo 595 May 24 20:34 /etc/ssh/authorized_keys/demo