Puppet Class: profile::ssh::server

Defined in:
modules/profile/manifests/ssh/server.pp

Summary

manage the ssh server daemon and config

Overview

Parameters:

  • listen_port (Stdlib::Port) (defaults to: lookup('profile::ssh::server::listen_port'))

    the port to listen on

  • listen_addresses (Array[Stdlib::IP::Address]) (defaults to: lookup('profile::ssh::server::listen_addresses'))

    an array of addresses to listen on

  • permit_root (Ssh::Config::PermitRootLogin) (defaults to: lookup('profile::ssh::server::permit_root'))

    if true allow root logins

  • authorized_keys_file (Array[Stdlib::Unixpath]) (defaults to: lookup('profile::ssh::server::authorized_keys_file'))

    space seperated list of authorized keys files

  • authorized_keys_command (Stdlib::Unixpath) (defaults to: lookup('profile::ssh::server::authorized_keys_command'))

    command to run for authorized keys

  • disable_nist_kex (Boolean) (defaults to: lookup('profile::ssh::server::disable_nist_kex'))

    Allow uses to temporarily opt out of nist kex disabling

  • explicit_macs (Boolean) (defaults to: lookup('profile::ssh::server::explicit_macs'))

    Allow users to opt out of more secure MACs

  • enable_hba (Boolean) (defaults to: lookup('profile::ssh::server::enable_hba'))

    enable host based authentication

  • enable_kerberos (Boolean) (defaults to: lookup('profile::ssh::server::enable_kerberos'))

    enable kerberos

  • disable_agent_forwarding (Boolean) (defaults to: lookup('profile::ssh::server::disable_agent_forwarding'))

    disable agent forwarding

  • challenge_response_auth (Boolean) (defaults to: lookup('profile::ssh::server::challenge_response_auth'))

    Disable all password auth

  • max_sessions (Optional[Integer]) (defaults to: lookup('profile::ssh::server::max_sessions'))

    allow users to override the maximum number ops sessions

  • max_startups (Optional[String[1]]) (defaults to: lookup('profile::ssh::server::max_startups'))

    allow users to override the maximum number ops startups

  • gateway_ports (Boolean) (defaults to: lookup('profile::ssh::server::gateway_ports'))

    if true set sshd_config GatewayPorts to yes

  • accept_env (Array[String[1]]) (defaults to: lookup('profile::ssh::server::accept_env'))

    array of elements for AcceptEnv config



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'modules/profile/manifests/ssh/server.pp', line 17

class profile::ssh::server (
    Stdlib::Port                 $listen_port              = lookup('profile::ssh::server::listen_port'),
    Array[Stdlib::IP::Address]   $listen_addresses         = lookup('profile::ssh::server::listen_addresses'),
    Ssh::Config::PermitRootLogin $permit_root              = lookup('profile::ssh::server::permit_root'),
    Array[Stdlib::Unixpath]      $authorized_keys_file     = lookup('profile::ssh::server::authorized_keys_file'),
    Stdlib::Unixpath             $authorized_keys_command  = lookup('profile::ssh::server::authorized_keys_command'),
    Boolean                      $disable_nist_kex         = lookup('profile::ssh::server::disable_nist_kex'),
    Boolean                      $explicit_macs            = lookup('profile::ssh::server::explicit_macs'),
    Boolean                      $enable_hba               = lookup('profile::ssh::server::enable_hba'),
    Boolean                      $enable_kerberos          = lookup('profile::ssh::server::enable_kerberos'),
    Boolean                      $disable_agent_forwarding = lookup('profile::ssh::server::disable_agent_forwarding'),
    Boolean                      $challenge_response_auth  = lookup('profile::ssh::server::challenge_response_auth'),
    Optional[Integer]            $max_sessions             = lookup('profile::ssh::server::max_sessions'),
    Optional[String[1]]          $max_startups             = lookup('profile::ssh::server::max_startups'),
    Boolean                      $gateway_ports            = lookup('profile::ssh::server::gateway_ports'),
    Array[String[1]]             $accept_env               = lookup('profile::ssh::server::accept_env'),
) {
    class {'ssh::server':
        * => wmflib::dump_params(),
    }
}