Forge Home

ssh

Puppet ssh management module

2,482 downloads

1,021 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 3.0.0 (latest)
  • 2.1.0
  • 2.0.0
released Jul 5th 2023
This version is compatible with:
  • Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • OpenBSD, , Darwin, , , Archlinux

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'opuscodium-ssh', '3.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add opuscodium-ssh
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install opuscodium-ssh --version 3.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

opuscodium/ssh — version 3.0.0 Jul 5th 2023

Puppet managed SSH infrastructure

Puppet Forge Build Status Donated by xaque208

A Puppet module for managing OpenSSH servers and configurations. The goals of this module is to provide a flexible yet complete approach to managing OpenSSH infrastructure.

In the case of the sshd server, the entire sshd_config file is managed, not just the options chosen. For this reason, is is important to understand which options you wish to actually be using and enable those through the module. This module does not (and should not) attempt to understand the compile-time options for every Linux or BSD used in the delivery of the platform, nor any patches that have been added.

The options available on for tuning in the ssh::server::config class were originally taken from the OpenBSD 5.8 sshd_config(5) man page. The goal here is to keep up with the options as they are released, reviewing release notes for new versions as they are available.

Usage

ssh::allowgroup

Easily allow a POSIX group in with AllowGroups.

ssh::allowgroup { 'admins': }

ssh::hosts

Distribute SSH host keys to all systems in the fleet.

include ssh::hosts

ssh::keygen

The ssh::keygen define type allows users to generate SSH keys of a given type and size, and optionally specify the location of the resulting key.

ssh::keygen { 'Root ECDSA':
  type   => 'ecdsa',
  size   => 521,
}

Optionally, users may also specify a target, which will modify the ssh-keygen command to write the resulting data to the given file.

ssh::client

Manage the ssh_config(5) file. See also the ssh::client::config class.

include ssh::config

The ssh_config(5) options available are configured in one of two ways. Either the values for the desired options are managed through the use of the ssh::client::config class (which you can use hiera to set values on), or through defined types of their own.

Here is an example of how the options might be set for an SSH client.

ssh::client::config::forwardagent: 'yes'
ssh::client::config::verifyhostkeydns: 'yes'

Note that the options as passed to the ssh::client::config class are lower cased. The only exception to this is the LogLevel parameter which is manged through the log_level parameter. This is to avoid the loglevel meta-parameter for Puppet resources.

ssh::server

Manage the sshd_config(5) file and its daemon, sshd(8). See also the ssh::server::config class.

include ssh::server

The sshd_config(5) options available are configured in one of two ways. Either the values for the desired options are managed through the use of the ssh::server::config class (which you can use hiera to set values on), or through defined types of their own.

Here is an example of how the options might be set for an SSH server daemon.

ssh::server::config::has_pam: 'yes'
ssh::server::config::usepam: 'yes'
ssh::server::config::authenticationmethods: 'publickey,keyboard-interactive'

Note that the options as passed to the ssh::server::config class are lower cased. The only exception to this is the LogLevel parameter which is manged through the log_level parameter. This is to avoid the loglevel meta-parameter for Puppet resources.