modules/ssh/manifests/init.pp

   1 class ssh {
   2
   3         package { [ 'openssh-client', 'openssh-server']:
   4                 ensure => installed
   5         }
   6
   7         service { 'ssh':
   8                 ensure => running
   9         }
  10
  11         @ferm::rule { 'dsa-ssh':
  12                 description => 'Allow SSH from DSA',
  13                 rule        => '&SERVICE_RANGE(tcp, ssh, \$SSH_SOURCES)'
  14         }
  15         @ferm::rule { 'dsa-ssh-v6':
  16                 description => 'Allow SSH from DSA',
  17                 domain      => 'ip6',
  18                 rule        => '&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)'
  19         }
  20
  21         file { '/etc/ssh/ssh_config':
  22                 content => template('ssh/ssh_config.erb'),
  23                 require => Package['openssh-client']
  24         }
  25         file { '/etc/ssh/sshd_config':
  26                 content => template('ssh/sshd_config.erb'),
  27                 require => Package['openssh-server'],
  28                 notify  => Service['ssh']
  29         }
  30         file { '/etc/ssh/userkeys':
  31                 ensure  => directory,
  32                 mode    => '0755',
  33                 require => Package['openssh-server']
  34         }
  35         file { '/etc/ssh/userkeys/root':
  36                 content => template('ssh/authorized_keys.erb'),
  37         }
  38 }