add the ability to set the ListenAddress configuration option through sshd_listen_address

2008-09-27 13:30:52 -04:00 · 2008-09-27 13:30:52 -04:00 · 2391ef9bfe
commit 2391ef9bfe
parent f62573822b
5 changed files with 26 additions and 12 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -22,6 +22,11 @@
 # of variables, which you might consider to configure. 
 # Checkout the following:
 #
+# sshd_listen_address:          specify the addresses sshd should listen on
+#                               set this to "10.0.0.1 192.168.0.1" to have it listen on both
+#                               addresses, or leave it unset to listen on all
+#                               Default: empty -> results in listening on 0.0.0.0
+#
 # sshd_allowed_users:           list of usernames separated by spaces. 
 #                               set this for example to "foobar root"
 #                               to ensure that only user foobar and root
@ -104,7 +109,11 @@ class sshd {


 class sshd::base {
-    # prepare variables to use in templates 
+    # prepare variables to use in templates
+    $real_sshd_listen_address = $sshd_sshd_listen_address ? {
+      '' => '',
+      default => $sshd_sshd_listen_address
+    }
    $real_sshd_allowed_users = $sshd_allowed_users ? {
        ''  => '',
        default => $sshd_allowed_users
--- a/templates/sshd_config/CentOS_normal.erb
+++ b/templates/sshd_config/CentOS_normal.erb
@ -16,12 +16,13 @@ Port <%= real_sshd_port %>
 Port 22
 <%- end %>

+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
+#AddressFamily any
 #Protocol 2,1
 Protocol 2
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
--- a/templates/sshd_config/Debian_normal.erb
+++ b/templates/sshd_config/Debian_normal.erb
@ -2,7 +2,6 @@
 # See the sshd(8) manpage for details

 # What ports, IPs and protocols we listen for
-
 <%- unless real_sshd_port.to_s.empty? then %>
 Port <%= real_sshd_port -%>
 <%- else -%>
@ -10,8 +9,9 @@ Port 22
 <%- end -%>

 # Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
--- a/templates/sshd_config/Gentoo_normal.erb
+++ b/templates/sshd_config/Gentoo_normal.erb
@ -16,9 +16,11 @@ Port <%= real_sshd_port %>
 Port 22
 <%- end %>

+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
 #AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::

 # Disable legacy (protocol version 1) support in the server for new
 # installations. In future the default will change to require explicit
--- a/templates/sshd_config/OpenBSD_normal.erb
+++ b/templates/sshd_config/OpenBSD_normal.erb
@ -14,10 +14,12 @@ Port <%= real_sshd_port %>
 Port 22
 <%- end %>

+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
 #Protocol 2,1
 #AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::

 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key