git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ssh/manifests/init.pp
9d272a224c80efed8437ac61407979210c86ffac
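# Class: ssh
#
# Installs the OpenSSH client and server packages, manages the client and
# server configuration files, publishes root's authorized keys under
# /etc/ssh/userkeys, and declares the firewall rules that admit SSH.
#
# Security-relevant points for reviewers:
#  - /etc/ssh/userkeys/root decides who may log in as root. It is pinned to
#    root:root so that a pre-existing file with other ownership is corrected;
#    when owner/group are omitted Puppet does not manage them.
#  - File modes are written as quoted four-digit octal strings. Bare numbers
#    (755, 444) are only accepted by older Puppet parsers.
#  - NOTE(review): ssh_config and sshd_config carry no owner/group/mode here,
#    so Puppet does not enforce them on files that already exist. Confirm that
#    this is intended.
#  - NOTE(review): presumably sshd_config.erb points AuthorizedKeysFile at
#    /etc/ssh/userkeys/%u. The template is not visible here; verify.
class ssh {
        package {
                "openssh-client": ensure => installed;
                "openssh-server": ensure => installed;
        }

        file {
                # Client-side defaults, served from the module's file store.
                "/etc/ssh/ssh_config":
                        source  => [ "puppet:///ssh/ssh_config" ],
                        require => Package["openssh-client"];

                # Server configuration is templated; any change triggers the
                # restart exec below.
                "/etc/ssh/sshd_config":
                        content => template("ssh/sshd_config.erb"),
                        require => Package["openssh-server"],
                        notify  => Exec["ssh restart"];

                # Directory holding per-user key files. Only root may write.
                "/etc/ssh/userkeys":
                        ensure  => directory,
                        owner   => root,
                        group   => root,
                        mode    => '0755';

                # Root's authorized keys: read-only for everyone, owned by
                # root so no other account can replace the key list.
                "/etc/ssh/userkeys/root":
                        content => template("ssh/authorized_keys.erb"),
                        owner   => root,
                        group   => root,
                        mode    => '0444',
                        require => Package["openssh-server"];
        }

        # The resource title doubles as the command. With /etc/init.d on the
        # search path, "ssh restart" presumably resolves to the ssh init
        # script (verify on the target hosts). refreshonly => true means it
        # runs only when notified, i.e. when sshd_config changes.
        # NOTE(review): a bad sshd_config can cut off remote access. Whether
        # the init script validates the config before restarting is not
        # visible here.
        exec { "ssh restart":
                path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
                refreshonly => true,
        }

        # Virtual (@) firewall rules; they take effect only where they are
        # realized elsewhere. The "$" is escaped so that Puppet passes
        # $SSH_SOURCES / $SSH_V6_SOURCES through literally instead of
        # interpolating them. They are presumably ferm variables defined in
        # the ferm configuration (confirm).
        @ferm::rule { "dsa-ssh":
                description     => "Allow SSH from DSA",
                rule            => "&SERVICE_RANGE(tcp, ssh, \$SSH_SOURCES)"
        }
        @ferm::rule { "dsa-ssh-v6":
                description     => "Allow SSH from DSA",
                domain          => "ip6",
                rule            => "&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)"
        }
}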