add the ability to set the ListenAddress configuration option through sshd_listen_address

manifests/init.pp

@@ -22,6 +22,11 @@
 # of variables, which you might consider to configure. 
 # Checkout the following:
 #
+# sshd_listen_address:          specify the addresses sshd should listen on
+#                               set this to "10.0.0.1 192.168.0.1" to have it listen on both
+#                               addresses, or leave it unset to listen on all
+#                               Default: empty -> results in listening on 0.0.0.0
+#
 # sshd_allowed_users:           list of usernames separated by spaces. 
 #                               set this for example to "foobar root"
 #                               to ensure that only user foobar and root
@@ -105,6 +110,10 @@ class sshd {
 
 class sshd::base {
     # prepare variables to use in templates
+    $real_sshd_listen_address = $sshd_sshd_listen_address ? {
+      '' => '',
+      default => $sshd_sshd_listen_address
+    }
     $real_sshd_allowed_users = $sshd_allowed_users ? {
         ''  => '',
         default => $sshd_allowed_users

templates/sshd_config/CentOS_normal.erb

@@ -16,12 +16,13 @@ Port <%= real_sshd_port %>
 Port 22
 <%- end %>
 
+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
+#AddressFamily any
 #Protocol 2,1
 Protocol 2
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2

templates/sshd_config/Debian_normal.erb

@@ -2,7 +2,6 @@
 # See the sshd(8) manpage for details
 
 # What ports, IPs and protocols we listen for
-
 <%- unless real_sshd_port.to_s.empty? then %>
 Port <%= real_sshd_port -%>
 <%- else -%>
@@ -10,8 +9,9 @@ Port 22
 <%- end -%>
 
 # Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
+<% for address in real_sshd_listen_address -%>
-#ListenAddress 0.0.0.0
+ListenAddress <%= address %>
+<% end -%>
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key

templates/sshd_config/Gentoo_normal.erb

@@ -16,9 +16,11 @@ Port <%= real_sshd_port %>
 Port 22
 <%- end %>
 
+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
 #AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
 
 # Disable legacy (protocol version 1) support in the server for new
 # installations. In future the default will change to require explicit

templates/sshd_config/OpenBSD_normal.erb

@@ -14,10 +14,12 @@ Port <%= real_sshd_port %>
 Port 22
 <%- end %>
 
+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
 #Protocol 2,1
 #AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
 
 # HostKey for protocol version 1
 #HostKey /etc/ssh/ssh_host_key