Forge Home


Puppet module for openssh


9,209 latest version

2.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.11 (latest)
  • 2.0.10
  • 2.0.9
  • 2.0.8
  • 2.0.7
released Jun 30th 2015
This module has been deprecated by its author since Oct 28th 2019.

The reason given was: No longer maintained

The author has suggested ghoneycutt-ssh as its replacement.

Start using this module


example42/openssh — version 2.0.11 Jun 30th 2015

Puppet module: openssh


This module is no more actively maintained and will hardly be updated.

Please find an alternative module from other authors or consider Tiny Puppet as replacement.

If you want to maintain this module, contact Alessandro Franceschi

This is a Puppet openssh module from the second generation of Example42 Puppet Modules.

Made by Alessandro Franceschi / Lab42

Official site:

Official git repository:

Released under the terms of Apache 2 License.

This module requires functions provided by the Example42 Puppi module.

For detailed info about the logic and usage patterns of Example42 modules read README.usage on Example42 main modules set.

USAGE - Basic management

  • Install openssh with default settings

      class { "openssh": }
  • Disable openssh service.

      class { "openssh":
        disable => true
  • Disable openssh service at boot time, but don't stop if is running.

      class { "openssh":
        disableboot => true
  • Remove openssh package

      class { "openssh":
        absent => true
  • Enable auditing without without making changes on existing openssh configuration files

      class { "openssh":
        audit_only => true

USAGE - Overrides and Customizations

  • Use custom sources for main config file

      class { "openssh":
        source => [ "puppet:///modules/lab42/openssh/openssh.conf-${hostname}" , "puppet:///modules/lab42/openssh/openssh.conf" ], 
  • Use custom source directory for the whole configuration dir

      class { "openssh":
        source_dir       => "puppet:///modules/lab42/openssh/conf/",
        source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir
  • Use custom template for main config file

      class { "openssh":
        template => "example42/openssh/openssh.conf.erb",      
  • To manipulate options in your config using the options array you should use this syntax in your config UsePAM <%= scope.function_options_lookup(['UsePAM','no']) %> LogLevel <%= scope.function_options_lookup(['LogLevel','INFO']) %> ListenAddress <%= scope.function_options_lookup(['ListenAddress', '']) %>

  • Define custom options that can be used in a custom template without the need to add parameters to the openssh class

      class { "openssh":
        template => "example42/openssh/openssh.conf.erb",    
        options  => {
          'LogLevel'      => 'INFO',
          'UsePAM'        => 'yes',
          'ListenAddress' => ''
  • Automaticallly include a custom subclass

      class { "openssh:"
        my_class => 'openssh::example42',

== USAGE - Manage a user SSH keys:

  • Use all defaults and place in the user's home directory ssh keys that are stored centrally on the puppet server.

      openssh::key { 'username': }

USAGE - Example42 extensions management

  • Activate puppi (recommended, but disabled by default) Note that this option requires the usage of Example42 puppi module

      class { "openssh": 
        puppi    => true,
  • Activate puppi and use a custom puppi_helper template (to be provided separately with a puppi::helper define ) to customize the output of puppi commands

      class { "openssh":
        puppi        => true,
        puppi_helper => "myhelper", 
  • Activate automatic monitoring (recommended, but disabled by default) This option requires the usage of Example42 monitor and relevant monitor tools modules

      class { "openssh":
        monitor      => true,
        monitor_tool => [ "nagios" , "monit" , "munin" ],
  • Activate automatic firewalling This option requires the usage of Example42 firewall and relevant firewall tools modules

      class { "openssh":       
        firewall      => true,
        firewall_tool => "iptables",
        firewall_src  => "",
        firewall_dst  => "$ipaddress_eth0",

Build Status