opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-sshd/manifests/init.pp
Gabriel Filion 6615426a49 Clean out $ssh_use_strong_ciphers 
A tentative option from rhatto using the variable named
$ssh_use_strong_ciphers still has two lines in init.pp

Since the same functionality is provided by the variable
$ssh_hardened_ssl that was merged in the shared repository, rhatto
removed his feature. But there are still two lines left, so simply
remove them.

Signed-off-by: Gabriel Filion <lelutin@gmail.com>
2011-07-16 23:49:11 -04:00

133 lines
3.5 KiB
Puppet
Raw Blame History

class sshd {
# prepare variables to use in templates
case $sshd_listen_address {
'': { $sshd_listen_address = [ '0.0.0.0', '::' ] }
}
case $sshd_allowed_users {
'': { $sshd_allowed_users = '' }
}
case $sshd_allowed_groups {
'': { $sshd_allowed_groups = '' }
}
case $sshd_use_pam {
'': { $sshd_use_pam = 'no' }
}
case $sshd_permit_root_login {
'': { $sshd_permit_root_login = 'without-password' }
}
case $sshd_password_authentication {
'': { $sshd_password_authentication = 'no' }
}
case $sshd_kerberos_authentication {
'': { $sshd_kerberos_authentication = 'no' }
}
case $sshd_kerberos_orlocalpasswd {
'': { $sshd_kerberos_orlocalpasswd = 'yes' }
}
case $sshd_kerberos_ticketcleanup {
'': { $sshd_kerberos_ticketcleanup = 'yes' }
}
case $sshd_gssapi_authentication {
'': { $sshd_gssapi_authentication = 'no' }
}
case $sshd_gssapi_cleanupcredentials {
'': { $sshd_gssapi_cleanupcredentials = 'yes' }
}
case $sshd_tcp_forwarding {
'': { $sshd_tcp_forwarding = 'no' }
}
case $sshd_x11_forwarding {
'': { $sshd_x11_forwarding = 'no' }
}
case $sshd_agent_forwarding {
'': { $sshd_agent_forwarding = 'no' }
}
case $sshd_challenge_response_authentication {
'': { $sshd_challenge_response_authentication = 'no' }
}
case $sshd_pubkey_authentication {
'': { $sshd_pubkey_authentication = 'yes' }
}
case $sshd_rsa_authentication {
'': { $sshd_rsa_authentication = 'no' }
}
case $sshd_strict_modes {
'': { $sshd_strict_modes = 'yes' }
}
case $sshd_ignore_rhosts {
'': { $sshd_ignore_rhosts = 'yes' }
}
case $sshd_rhosts_rsa_authentication {
'': { $sshd_rhosts_rsa_authentication = 'no' }
}
case $sshd_hostbased_authentication {
'': { $sshd_hostbased_authentication = 'no' }
}
case $sshd_permit_empty_passwords {
'': { $sshd_permit_empty_passwords = 'no' }
}
if ( $sshd_port != '' ) and ( $sshd_ports != []) {
err("Cannot use sshd_port and sshd_ports at the same time.")
}
if $sshd_port != '' {
$sshd_ports = [ $sshd_port ]
} elsif ! $sshd_ports {
$sshd_ports = [ 22 ]
}
case $sshd_authorized_keys_file {
'': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
}
case $sshd_hardened_ssl {
'': { $sshd_hardened_ssl = 'no' }
}
case $sshd_sftp_subsystem {
'': { $sshd_sftp_subsystem = '' }
}
case $sshd_head_additional_options {
'': { $sshd_head_additional_options = '' }
}
case $sshd_tail_additional_options {
'': { $sshd_tail_additional_options = '' }
}
case $sshd_ensure_version {
'': { $sshd_ensure_version = "present" }
}
case $sshd_print_motd {
'': { $sshd_print_motd = "yes" }
}
case $sshd_shared_ip {
'': { $sshd_shared_ip = "no" }
}
include sshd::client
case $operatingsystem {
gentoo: { include sshd::gentoo }
redhat,centos: { include sshd::redhat }
centos: { include sshd::centos }
openbsd: { include sshd::openbsd }
debian,ubuntu: { include sshd::debian }
default: { include sshd::base }
}
if $use_nagios {
case $nagios_check_ssh {
false: { info("We don't do nagioschecks for ssh on ${fqdn}" ) }
default: {
sshd::nagios{$sshd_ports:
check_hostname => $nagios_check_ssh_hostname ? {
'' => 'absent',
undef => 'absent',
default => $nagios_check_ssh_hostname
}
}
}
}
}
if $use_shorewall{
class{'shorewall::rules::ssh':
ports => $sshd_ports,
}
}
}
Reference in a new issue View git blame Copy permalink