git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ssh/manifests/init.pp
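# Class: ssh
#
# Installs the OpenSSH client and server, keeps the 'ssh' service running,
# declares the firewall rules for SSH, and manages the client/server
# configuration plus root's key file under /etc/ssh/userkeys.
# On releases where $::lsbmajdistrelease >= 8 it also generates an ed25519
# host key when one is missing.
class ssh {

        package { [ 'openssh-client', 'openssh-server']:
                ensure => installed,
        }

        service { 'ssh':
                ensure  => running,
                require => Package['openssh-server'],
        }

        # Virtual resources (leading '@'): these rules take effect only where
        # they are realized or collected, which happens outside this class.
        # The rule strings are single-quoted on purpose so Puppet passes
        # $SSH_SOURCES / $SSH_V6_SOURCES through literally; presumably they are
        # variables defined in the ferm configuration -- confirm there that
        # they list only the intended source networks.
        @ferm::rule { 'dsa-ssh':
                description => 'Allow SSH from DSA',
                rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)',
        }
        @ferm::rule { 'dsa-ssh-v6':
                description => 'Allow SSH from DSA',
                domain      => 'ip6',
                rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)',
        }

        file { '/etc/ssh/ssh_config':
                content => template('ssh/ssh_config.erb'),
                require => Package['openssh-client'],
        }
        # A change to the rendered sshd_config refreshes the ssh service.
        file { '/etc/ssh/sshd_config':
                content => template('ssh/sshd_config.erb'),
                require => Package['openssh-server'],
                notify  => Service['ssh'],
        }
        # NOTE(review): owner/group are not set here, so they come from
        # resource defaults declared elsewhere (or Puppet's own defaults).
        file { '/etc/ssh/userkeys':
                ensure  => directory,
                mode    => '0755',
                require => Package['openssh-server'],
        }
        # Rendered from authorized_keys.erb; presumably sshd_config points
        # AuthorizedKeysFile at this directory, which would make this file the
        # list of keys allowed to log in as root -- confirm in the template.
        # NOTE(review): owner, group and mode are inherited, not pinned here.
        # Verify the effective values are root-owned and not writable by
        # group/other, since anyone able to write this file gains root login.
        file { '/etc/ssh/userkeys/root':
                content => template('ssh/authorized_keys.erb'),
        }

        # NOTE(review): the fact may arrive as a string depending on the Puppet
        # version and fact stringification; this comparison relies on numeric
        # coercion -- confirm on the Puppet version in use.
        if ($::lsbmajdistrelease >= 8) {
                # $has_etc_ssh_ssh_host_ed25519_key is a fact supplied from
                # outside this file.
                if ! $has_etc_ssh_ssh_host_ed25519_key {
                        # -P "" gives the key an empty passphrase so sshd can
                        # load it unattended; -q suppresses ssh-keygen output.
                        # 'creates' makes the exec a no-op whenever the key file
                        # already exists, so a missing or stale fact can never
                        # lead to an attempt to regenerate an existing host key.
                        # The command is not fully qualified and no 'path' is
                        # set here; it relies on an Exec default path declared
                        # elsewhere -- TODO confirm.
                        # NOTE(review): nothing notifies Service['ssh'] after the
                        # key is created; presumably sshd only offers the new key
                        # after its next restart -- confirm whether that is
                        # intended.
                        exec { 'create-ed25519-host-key':
                                command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
                                creates => '/etc/ssh/ssh_host_ed25519_key',
                                # ssh-keygen ships in openssh-client on Debian.
                                require => Package['openssh-client'],
                        }
                }
        }
}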