ssh

Manages SSH

released Nov 14th 2013

Add this module to your Puppetfile:

mod 'ghoneycutt-ssh', '3.2.0'

Add this module to your Bolt project:

bolt module add ghoneycutt-ssh

Manually install this module globally with Puppet module tool:

puppet module install ghoneycutt-ssh --version 3.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

ghoneycutt/ssh — version 3.2.0 Nov 14th 2013

puppet-module-ssh

Manage ssh client and server.

The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys.

===

Compatibility

This module has been tested to work on the following systems with Puppet v3.

  • Debian 7
  • EL 5
  • EL 6
  • SLES 11
  • Ubuntu 12.04 LTS

===

Parameters

ssh_config_path

Path to ssh_config.

  • Default: '/etc/ssh/ssh_config'

ssh_config_owner

ssh_config's owner.

  • Default: 'root'

ssh_config_group

ssh_config's group.

  • Default: 'root'

ssh_config_mode

ssh_config's mode.

  • Default: '0644'

ssh_config_forward_x11

ForwardX11 option in ssh_config. Not set by default.

  • Default: undef

ssh_config_forward_agent

ForwardAgent option in ssh_config. Not set by default.

  • Default: undef

ssh_config_server_alive_interval

ServerAliveInterval option in ssh_config. Not set by default.

  • Default: undef

ssh_config_sendenv_xmodifiers

Boolean to set 'SendEnv XMODIFIERS' in ssh_config.

  • Default: false

sshd_config_path

Path to sshd_config.

  • Default: '/etc/ssh/sshd_config'

sshd_config_owner

sshd_config's owner.

  • Default: 'root'

sshd_config_group

sshd_config's group.

  • Default: 'root'

sshd_config_mode

sshd_config's mode.

  • Default: '0600'

sshd_config_port

String to specify listen port for sshd. Port option in sshd_config.

  • Default: 22

sshd_config_syslog_facility

SyslogFacility option in sshd_config.

  • Default: 'AUTH'

sshd_config_login_grace_time

LoginGraceTime option in sshd_config.

  • Default: '120'

sshd_config_challenge_resp_auth

ChallengeResponseAuthentication option in sshd_config.

  • Default: 'no'

sshd_config_print_motd

PrintMotd option in sshd_config.

  • Default: 'yes'

sshd_config_use_dns

UseDNS option in sshd_config.

  • Default: 'yes'

sshd_config_banner

Banner option in sshd_config.

  • Default: 'none'

sshd_config_xauth_location

XAuthLocation option in sshd_config.

  • Default: '/usr/bin/xauth'

sshd_config_subsystem_sftp

Path to sftp file transfer subsystem in sshd_config.

  • Default: '/usr/libexec/openssh/sftp-server'

sshd_password_authentication

PasswordAuthentication in sshd_config. Specifies whether password authentication is allowed.

  • Default: 'yes'

sshd_allow_tcp_forwarding

AllowTcpForwarding in sshd_config. Specifies whether TCP forwarding is permitted.

  • Default: 'yes'

sshd_x11_forwarding

X11Forwarding in sshd_config. Specifies whether X11 forwarding is permitted.

  • Default: 'no'

sshd_use_pam

UsePAM in sshd_config. Enables the Pluggable Authentication Module interface. If set to 'yes', this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types.

  • Default: 'no'

sshd_client_alive_interval

ClientAliveInterval in sshd_config. Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.

  • Default: '0'

keys

Hash of keys for user's ~/.ssh/authorized_keys

  • Default: undefined

packages

Array of package names used for installation.

  • Default: Based on OS

permit_root_login

Allow root login. Valid values are 'yes', 'without-password', 'forced-commands-only', and 'no'.

  • Default: yes

purge_keys

Remove keys not managed by puppet.

  • Default: 'true'

manage_firewall

Open firewall for SSH service.

  • Default: false

service_ensure

Ensure SSH service is running. Valid values are 'stopped' and 'running'.

  • Default: 'running'

service_name

Name of the SSH service.

  • Default: Based on OS

service_enable

Start SSH at boot. Valid values are 'true', 'false' and 'manual'.

  • Default: 'true'

service_hasrestart

Specify that the init script has a restart command. Valid values are 'true' and 'false'.

  • Default: 'true'

service_hasstatus

Declare whether the service's init script has a functional status command. Valid values are 'true' and 'false'.

  • Default: 'true'

ssh_key_ensure

Export node SSH key. Valid values are 'present' and 'absent'.

  • Default: 'present'

ssh_key_type

Key type for the SSH key. Valid values are 'rsa', 'dsa', 'ssh-dss' and 'ssh-rsa'.

  • Default: 'ssh-rsa'

manage_root_ssh_config

Manage SSH config of root. Valid values are 'true' and 'false'.

  • Default: 'false'

root_ssh_config_content

Content of root's ~/.ssh/config.

  • Default: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
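
The defaults listed above leave root login, password authentication and TCP forwarding enabled. The Hiera data below is an added example, not part of the module's documentation, that overrides them using only parameters documented on this page; it assumes automatic class-parameter lookup for the `ssh` class and that key-based access is already in place before password logins are switched off.

```yaml
---
# Added example (not from the module's README): Hiera overrides for class ssh.
# Every key is a parameter documented above; each comment shows the module default.

# sshd_config: authentication
ssh::permit_root_login: 'without-password'    # default: yes
ssh::sshd_password_authentication: 'no'       # default: 'yes'
ssh::sshd_config_challenge_resp_auth: 'no'    # default: 'no', pinned explicitly
ssh::sshd_config_login_grace_time: '30'       # default: '120'

# sshd_config: forwarding and idle sessions
ssh::sshd_allow_tcp_forwarding: 'no'          # default: 'yes'
ssh::sshd_x11_forwarding: 'no'                # default: 'no', pinned explicitly
ssh::sshd_client_alive_interval: '300'        # default: '0' (no messages sent)

# ssh_config: client side
ssh::ssh_config_forward_agent: 'no'           # default: undef (option not written)
ssh::ssh_config_forward_x11: 'no'             # default: undef (option not written)

# File permissions, pinned so drift is corrected on every run
ssh::sshd_config_mode: '0600'                 # default: '0600'
```

Set permit_root_login to 'no' where root never needs to log in over SSH; 'without-password' keeps key-based root access for hosts that still rely on it.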

===

Manage user's ssh_authorized_keys

This works by passing the ssh::keys hash to the ssh_authorized_key type with create_resources(). Because of this, you may specify any valid parameter for ssh_authorized_key. See the Type Reference for a complete list.

Sample usage:

Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera.
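
Hiera data for that case, added here as an example rather than taken from the module's README. The key material and source address are constructed placeholders; `ensure`, `user`, `type`, `key` and `options` are parameters of Puppet's ssh_authorized_key type.

```yaml
---
# Added example, not from the module's README.
# ssh::keys is passed to create_resources(), so each top-level name below
# becomes the title of one ssh_authorized_key resource.
ssh::keys:
  root_for_userX:
    ensure: present
    user: root                  # account whose ~/.ssh/authorized_keys is managed
    type: ssh-rsa
    # Constructed placeholder: the base64 key body only, without the
    # "ssh-rsa" prefix or the trailing comment field.
    key: PLACEHOLDER_BASE64_PUBLIC_KEY
    options:
      - 'from="192.0.2.10"'     # constructed documentation address; limits where the key is accepted from
      - no-agent-forwarding
      - no-port-forwarding
      - no-X11-forwarding
  root_for_userY:
    ensure: absent              # entry is removed from root's authorized_keys
    user: root
```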