Puppet Class: profile::ssh::server

Defined in:: modules/profile/manifests/ssh/server.pp

Summary

manage the ssh server daemon and config

Overview

Parameters:

listen_port (Stdlib::Port) (defaults to: lookup('profile::ssh::server::listen_port')) —

the port to listen on
listen_addresses (Array[Stdlib::IP::Address]) (defaults to: lookup('profile::ssh::server::listen_addresses')) —

an array of addresses to listen on
permit_root (Ssh::Config::PermitRootLogin) (defaults to: lookup('profile::ssh::server::permit_root')) —

if true allow root logins
authorized_keys_file (Array[Stdlib::Unixpath]) (defaults to: lookup('profile::ssh::server::authorized_keys_file')) —

space seperated list of authorized keys files
authorized_keys_command (Stdlib::Unixpath) (defaults to: lookup('profile::ssh::server::authorized_keys_command')) —

command to run for authorized keys
disable_nist_kex (Boolean) (defaults to: lookup('profile::ssh::server::disable_nist_kex')) —

Allow uses to temporarily opt out of nist kex disabling
explicit_macs (Boolean) (defaults to: lookup('profile::ssh::server::explicit_macs')) —

Allow users to opt out of more secure MACs
enable_hba (Boolean) (defaults to: lookup('profile::ssh::server::enable_hba')) —

enable host based authentication
enable_kerberos (Boolean) (defaults to: lookup('profile::ssh::server::enable_kerberos')) —

enable kerberos
disable_agent_forwarding (Boolean) (defaults to: lookup('profile::ssh::server::disable_agent_forwarding')) —

disable agent forwarding
challenge_response_auth (Boolean) (defaults to: lookup('profile::ssh::server::challenge_response_auth')) —

Disable all password auth
max_sessions (Optional[Integer]) (defaults to: lookup('profile::ssh::server::max_sessions')) —

allow users to override the maximum number ops sessions
max_startups (Optional[String[1]]) (defaults to: lookup('profile::ssh::server::max_startups')) —

allow users to override the maximum number ops startups
gateway_ports (Boolean) (defaults to: lookup('profile::ssh::server::gateway_ports')) —

if true set sshd_config GatewayPorts to yes
accept_env (Array[String[1]]) (defaults to: lookup('profile::ssh::server::accept_env')) —

array of elements for AcceptEnv config

# File 'modules/profile/manifests/ssh/server.pp', line 17

class profile::ssh::server (
    Stdlib::Port                 $listen_port              = lookup('profile::ssh::server::listen_port'),
    Array[Stdlib::IP::Address]   $listen_addresses         = lookup('profile::ssh::server::listen_addresses'),
    Ssh::Config::PermitRootLogin $permit_root              = lookup('profile::ssh::server::permit_root'),
    Array[Stdlib::Unixpath]      $authorized_keys_file     = lookup('profile::ssh::server::authorized_keys_file'),
    Stdlib::Unixpath             $authorized_keys_command  = lookup('profile::ssh::server::authorized_keys_command'),
    Boolean                      $disable_nist_kex         = lookup('profile::ssh::server::disable_nist_kex'),
    Boolean                      $explicit_macs            = lookup('profile::ssh::server::explicit_macs'),
    Boolean                      $enable_hba               = lookup('profile::ssh::server::enable_hba'),
    Boolean                      $enable_kerberos          = lookup('profile::ssh::server::enable_kerberos'),
    Boolean                      $disable_agent_forwarding = lookup('profile::ssh::server::disable_agent_forwarding'),
    Boolean                      $challenge_response_auth  = lookup('profile::ssh::server::challenge_response_auth'),
    Optional[Integer]            $max_sessions             = lookup('profile::ssh::server::max_sessions'),
    Optional[String[1]]          $max_startups             = lookup('profile::ssh::server::max_startups'),
    Boolean                      $gateway_ports            = lookup('profile::ssh::server::gateway_ports'),
    Array[String[1]]             $accept_env               = lookup('profile::ssh::server::accept_env'),
) {
    class {'ssh::server':
        * => wmflib::dump_params(),
    }
}