Forge Home

ssh

Puppet ssh module (with strict key/password policy)

10,598 downloads

10,322 latest version

3.8 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.0.3 (latest)
  • 0.0.1
released May 25th 2012

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'kupson-ssh', '0.0.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add kupson-ssh
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install kupson-ssh --version 0.0.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

kupson/ssh — version 0.0.3 May 25th 2012

Ssh module for Puppet

Description

This module installs and configures ssh client/server.

Some features:

  • export/import ssh host keys based on $environment Puppet variable
  • only root can manage ssh_authorized_keys for users (/etc/ssh/authorized_keys/<username>)
  • purges unknown sshkey resources

Sshd configuration:

  • only protocol 2
  • only IPv4
  • internal sftp subsystem
  • disable password authorization
  • only PubKey auth (root account too)

Usage

ssh

Install ssh client and server.

include ssh

ssh::client

Install ssh client and export host key for current $environment. Add 'localhost' key to known hosts.

include ssh::client

ssh::client::allenv

Class ssh::client modified to import ssh host keys from all environments. Suitable for puppet master host or other all-environment nodes.

include ssh::client::allenv

ssh::server

This module install ssh server and configure it as mentioned in module description. Host key is exported with for-env-${environment} tag.

include ssh::server

ssh::params notes

Provide system dependent variables for other classes in this module.

  • Debian (tested on squeeze)
  • Ubuntu (untested, should work)

Providers

ssh_authorized_key (parsed_systemdir)

New provider for ssh_authorized_key type that put authorized_keys files with proper permissions in /etc/ssh/authorized_keys directory.

File mode and ownership example:
-rw-r----- 1 root demo  595 May 24 20:34 /etc/ssh/authorized_keys/demo