Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 8.0.0
- Debian
This module has been deprecated by its author since Dec 10th 2024.
The reason given was: This module is deprecated in favor of saz-ssh.
The author has suggested saz-ssh as its replacement.
Start using this module
Documentation
puppet-module-ssh
Manage ssh client and server.
The module uses exported resources to manage ssh keys and removes ssh keys that are not managed by puppet. This behavior is managed by the parameters ssh_key_ensure and purge_keys.
This module may be used with a simple include ::ssh
The ssh::config_entry defined type may be used directly and is used to manage
Host entries in a personal ~/.ssh/config file.
See also REFERENCE.md
Compatibility
This module has been tested to work on the following systems with the Puppet v5 and v6. See metadata.json for the exact matrix of supported Puppet and OS versions.
If you use the Sun Solaris SSH, please keep in mind that not all parameters can be used.
Unsupported parameters for ssh_config: AddressFamily, Tunnel, TunnelDevice, PermitLocalCommand, HashKnownHosts
Unsupported parameters for sshd_config: KerberosOrLocalPasswd, KerberosTicketCleanup, KerberosGetAFSToken, TCPKeepAlive, ShowPatchLevel, MaxSessions, PermitTunnel
Manage user's ssh_authorized_keys
This works by passing the ssh::keys hash to the ssh_authorized_keys type with create_resources(). Because of this, you may specify any valid parameter for ssh_authorized_key. See the Type Reference for a complete list.
Sample usage
Push authorized key "root_for_userX" and remove key "root_for_userY" through Hiera.
ssh::keys:
root_for_userX:
ensure: present
user: root
type: dsa
key: AAAA...==
apachehup:
ensure: present
user: apachehup
type: rsa
key: 'AAAA...=='
options: 'command="/sbin/service httpd restart"'
root_for_userY:
ensure: absent
user: root
Manage config entries in a personal ssh/config file.
Ssh::Config_entry {
ensure => present,
path => '/home/jenkins/.ssh/config',
owner => 'jenkins',
group => 'jenkins',
}
ssh::config_entry { 'jenkins *':
host => '*',
lines => [
' ForwardX11 no',
' StrictHostKeyChecking no',
],
order => '10',
}
ssh::config_entry { 'jenkins github.com':
host => 'github.com',
lines => [" IdentityFile /home/jenkins/.ssh/jenkins-gihub.key"],
order => '20',
}
Reference
Table of Contents
Classes
ssh: install and manage SSH server and client
Defined types
ssh::config_entry: Create config entries in a users' ~/.ssh/config
Data types
Classes
ssh
install and manage SSH server and client
- Note default values for paramters are managed with hiera data, see files in the
datadirectory. Paramters marked SSH_CONFIG(5) or SSHD_CONFIG(5) are directly used in the configuration as described by the corresponding openssh man page
Examples
Basic usage
include ::ssh
Parameters
The following parameters are available in the ssh class:
config_entrieshiera_mergekeysmanage_firewallmanage_root_ssh_configmanage_servicepackagespermit_root_loginpurge_keysroot_ssh_config_contentservice_enableservice_ensureservice_hasrestartservice_hasstatusservice_namessh_config_ciphersssh_config_forward_agentssh_config_forward_x11_trustedssh_config_forward_x11ssh_config_global_known_hosts_filessh_config_global_known_hosts_groupssh_config_global_known_hosts_listssh_config_global_known_hosts_modessh_config_global_known_hosts_ownerssh_config_groupssh_config_hash_known_hostsssh_config_kexalgorithmsssh_config_macsssh_config_modessh_config_ownerssh_config_pathssh_config_proxy_commandssh_config_sendenv_xmodifiersssh_config_server_alive_intervalssh_config_templatessh_config_user_known_hosts_filessh_config_use_roamingsshd_acceptenvsshd_addressfamilysshd_allow_tcp_forwardingsshd_authorized_keys_commandsshd_authorized_keys_command_usersshd_banner_contentsshd_banner_groupsshd_banner_modesshd_banner_ownersshd_client_alive_count_maxsshd_client_alive_intervalsshd_config_allowagentforwardingsshd_config_allowgroupssshd_config_allowuserssshd_config_authenticationmethodssshd_config_authkey_locationsshd_config_authorized_principals_filesshd_config_bannersshd_config_challenge_resp_authsshd_config_chrootdirectorysshd_config_cipherssshd_config_compressionsshd_config_denygroupssshd_config_denyuserssshd_config_forcecommandsshd_config_groupsshd_config_hostcertificatesshd_config_hostkeysshd_config_kexalgorithmssshd_config_key_revocation_listsshd_config_loglevelsshd_config_login_grace_timesshd_config_macssshd_config_matchsshd_config_maxauthtriessshd_config_maxsessionssshd_config_maxstartupssshd_config_modesshd_config_ownersshd_config_pathsshd_config_permitemptypasswordssshd_config_permittunnelsshd_config_permituserenvironmentsshd_config_portsshd_config_print_last_logsshd_config_print_motdsshd_config_serverkeybitssshd_config_strictmodessshd_config_subsystem_sftpsshd_config_syslog_facilitysshd_config_tcp_keepalivesshd_config_templatesshd_config_trustedusercakeyssshd_config_use_dnssshd_config_use_privilege_separationsshd_config_xauth_locationsshd_gssapiauthenticationsshd_gssapicleanupcredentialssshd_gssapikeyexchangesshd_hostbasedauthenticationsshd_ignorerhostssshd_ignoreuserknownhostssshd_kerberos_authenticationsshd_listen_addresssshd_pamauthenticationviakbdintsshd_password_authenticationsshd_pubkeyacceptedkeytypessshd_pubkeyauthenticationsshd_use_pamsshd_x11_forwardingsshd_x11_use_localhostssh_enable_ssh_keysignssh_gssapiauthenticationssh_gssapidelegatecredentialsssh_hostbasedauthenticationssh_key_ensuressh_key_importssh_key_typessh_package_adminfilessh_package_sourcessh_sendenvssh_strict_host_key_checking
config_entries
Data type: Hash
parameter for ssh::config_entry factory
Default value: {}
hiera_merge
Data type: Boolean
merge all found instances of ssh::keys and ssh::config_entries in hiera if true
Default value: false
keys
Data type: Optional[Hash]
keys for user's ~/.ssh/authorized_keys
Default value: undef
manage_firewall
Data type: Boolean
enable/disable firewall rule for ports configured in $sshd_config_port
Default value: false
manage_root_ssh_config
Data type: Boolean
enable/disable management fo root users ssh_config
Default value: false
manage_service
Data type: Boolean
enable/disable management of sshd service
Default value: true
packages
Data type: Array[String]
which packages to install
Default value: ['openssh-client', 'openssh-server']
permit_root_login
Data type: Ssh::Permit_root_login
SSHD_CONFIG(5) PermitRootLogin
Default value: 'yes'
purge_keys
Data type: Boolean
enable/disable purging of all unmanaged ssh keys
Default value: true
root_ssh_config_content
Data type: String
content of ssh config file for the root user
Default value: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
service_enable
Data type: Boolean
enable parameter for sshd service resource
Default value: true
service_ensure
Data type: String
ensure parameter for sshd service resource
Default value: 'running'
service_hasrestart
Data type: Boolean
hasrestart parameter for sshd service resource
Default value: true
service_hasstatus
Data type: Boolean
hasstatus parameter for sshd service resource
Default value: true
service_name
Data type: String
name name parameter for sshd service resource
Default value: 'sshd'
ssh_config_ciphers
Data type: Optional[Array[String]]
SSH_CONFIG(5) Ciphers
Default value: undef
ssh_config_forward_agent
Data type: Optional[String]
SSH_CONFIG(5) ForwardAgent
Default value: undef
ssh_config_forward_x11_trusted
Data type: Optional[Enum['yes','no']]
SSH_CONFIG(5) ForwardX11Trusted
Default value: undef
ssh_config_forward_x11
Data type: Optional[String]
SSH_CONFIG(5) ForwardX11
Default value: undef
ssh_config_global_known_hosts_file
Data type: Stdlib::Absolutepath
SSH_CONFIG(5) GlobalKnownHostsFile
Default value: '/etc/ssh/ssh_known_hosts'
ssh_config_global_known_hosts_group
Data type: String
group mode for GlobalKnownHostsFile
Default value: 'root'
ssh_config_global_known_hosts_list
Data type: Optional[Array[Stdlib::Absolutepath]]
extra elements to append to GlobalKnownHostsFile
Default value: undef
ssh_config_global_known_hosts_mode
Data type: Stdlib::Filemode
file mode for GlobalKnownHostsFile
Default value: '0644'
ssh_config_global_known_hosts_owner
Data type: String
owner for GlobalKnownHostsFile
Default value: 'root'
ssh_config_group
Data type: String
group for ssh config file
Default value: 'root'
ssh_config_hash_known_hosts
Data type: Optional[Enum['yes','no']]
SSH_CONFIG(5) HashKnownHosts
Default value: undef
ssh_config_kexalgorithms
Data type: Optional[Array[String]]
SSH_CONFIG(5) KexAlgorithms
Default value: undef
ssh_config_macs
Data type: Optional[Array[String]]
SSH_CONFIG(5) MACs
Default value: undef
ssh_config_mode
Data type: Stdlib::Filemode
file mode for ssh config file
Default value: '0644'
ssh_config_owner
Data type: String
owner for ssh config file
Default value: 'root'
ssh_config_path
Data type: String
path for ssh config file
Default value: '/etc/ssh/ssh_config'
ssh_config_proxy_command
Data type: Optional[String]
SSH_CONFIG(5) ssh_config_proxy_command
Default value: undef
ssh_config_sendenv_xmodifiers
Data type: Boolean
SSH_CONFIG(5) ssh_config_sendenv_xmodifiers
Default value: false
ssh_config_server_alive_interval
Data type: Optional[String]
SSH_CONFIG(5) ssh_config_server_alive_interval
Default value: undef
ssh_config_template
Data type: String
puppet template to use for ssh config
Default value: 'ssh/ssh_config.erb'
ssh_config_user_known_hosts_file
Data type: Optional[Array[String]]
SSH_CONFIG(5) UserKnownHostsFile
Default value: undef
ssh_config_use_roaming
Data type: Optional[Enum['yes','no','unset']]
SSH_CONFIG(5) UseRoaming
Default value: undef
sshd_acceptenv
Data type: Boolean
enable/disable AcceptEnv options for specifying environment variables
Default value: true
sshd_addressfamily
Data type: Optional[Pattern[/^(any|inet|inet6)$/]]
SSHD_CONFIG(5) sshd_addressfamily
Default value: undef
sshd_allow_tcp_forwarding
Data type: Enum['yes','no']
SSHD_CONFIG(5) sshd_allow_tcp_forwarding
Default value: 'yes'
sshd_authorized_keys_command
Data type: Optional[Stdlib::Absolutepath]
SSHD_CONFIG(5) AuthorizedKeysCommand
Default value: undef
sshd_authorized_keys_command_user
Data type: Optional[String]
SSHD_CONFIG(5) AuthorizedKeysCommandUser
Default value: undef
sshd_banner_content
Data type: Optional[String]
content of ssh banner file
Default value: undef
sshd_banner_group
Data type: String
group of ssh banner file
Default value: 'root'
sshd_banner_mode
Data type: Stdlib::Filemode
file mode of ssh banner file
Default value: '0644'
sshd_banner_owner
Data type: String
owner of ssh banner file
Default value: 'root'
sshd_client_alive_count_max
Data type: Integer
SSHD_CONFIG(5) ClientAliveCountMax
Default value: 3
sshd_client_alive_interval
Data type: Integer
SSHD_CONFIG(5) ClientAliveInterval
Default value: 0
sshd_config_allowagentforwarding
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) AllowAgentForwarding
Default value: undef
sshd_config_allowgroups
Data type: Array[String]
SSHD_CONFIG(5) AllowGroups
Default value: []
sshd_config_allowusers
Data type: Array[String]
SSHD_CONFIG(5) AllowUsers
Default value: []
sshd_config_authenticationmethods
Data type: Optional[Array[String]]
SSHD_CONFIG(5) AuthenticationMethods
Default value: undef
sshd_config_authkey_location
Data type: Optional[String]
SSHD_CONFIG(5) AuthorizedKeysFile
Default value: undef
sshd_config_authorized_principals_file
Data type: Optional[String]
SSHD_CONFIG(5) AuthorizedPrincipalsFile
Default value: undef
sshd_config_banner
Data type: Optional[Stdlib::Absolutepath]
SSHD_CONFIG(5) Banner
Default value: undef
sshd_config_challenge_resp_auth
Data type: String
SSHD_CONFIG(5) ChallengeResponseAuthentication
Default value: 'yes'
sshd_config_chrootdirectory
Data type: Optional[Stdlib::Absolutepath]
SSHD_CONFIG(5) ChrootDirectory
Default value: undef
sshd_config_ciphers
Data type: Optional[Array[String]]
SSHD_CONFIG(5) Ciphers
Default value: undef
sshd_config_compression
Data type: Optional[Enum['yes','no','delayed']]
SSHD_CONFIG(5) Compression
Default value: undef
sshd_config_denygroups
Data type: Array[String]
SSHD_CONFIG(5) DenyGroups
Default value: []
sshd_config_denyusers
Data type: Array[String]
SSHD_CONFIG(5) DenyUsers
Default value: []
sshd_config_forcecommand
Data type: Optional[String]
SSHD_CONFIG(5) DenyGroups
Default value: undef
sshd_config_group
Data type: String
group of sshd config file
Default value: 'root'
sshd_config_hostcertificate
Data type: Optional[Array[Stdlib::Absolutepath]]
SSHD_CONFIG(5) HostCertificate
Default value: undef
sshd_config_hostkey
Data type: Array[Stdlib::Absolutepath]
SSHD_CONFIG(5) HostKey
Default value: ['/etc/ssh/ssh_host_rsa_key']
sshd_config_kexalgorithms
Data type: Optional[Array[String]]
SSHD_CONFIG(5) KexAlgorithms
Default value: undef
sshd_config_key_revocation_list
Data type: Optional[Stdlib::Absolutepath]
SSHD_CONFIG(5) RevokedKeys
Default value: undef
sshd_config_loglevel
Data type: Enum['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE']
SSHD_CONFIG(5) LogLevel
Default value: 'INFO'
sshd_config_login_grace_time
Data type: String
SSHD_CONFIG(5) LoginGraceTime
Default value: '120'
sshd_config_macs
Data type: Optional[Array[String]]
SSHD_CONFIG(5) MACs
Default value: undef
sshd_config_match
Data type: Optional[Hash]
SSHD_CONFIG(5) Hash for matches with nested arrays for options for the Match directive for the SSH daemon. Match directive is supported on SSH >= 5.x.
Default value: undef
sshd_config_maxauthtries
Data type: Optional[Integer]
SSHD_CONFIG(5) MaxAuthTries
Default value: undef
sshd_config_maxsessions
Data type: Optional[Integer]
SSHD_CONFIG(5) MaxSessions
Default value: undef
sshd_config_maxstartups
Data type: Optional[Pattern[/^((\d+)|(\d+?:\d+?:\d+)?)$/]]
SSHD_CONFIG(5) MaxStartups
Default value: undef
sshd_config_mode
Data type: Stdlib::Filemode
file mode of sshd config file
Default value: '0600'
sshd_config_owner
Data type: String
owner of sshd config file
Default value: 'root'
sshd_config_path
Data type: String
path of sshd config file
Default value: '/etc/ssh/sshd_config'
sshd_config_permitemptypasswords
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) PermitEmptyPasswords
Default value: undef
sshd_config_permittunnel
Data type: Optional[Enum['yes','no','point-to-point','ethernet']]
SSHD_CONFIG(5) PermitTunnel
Default value: undef
sshd_config_permituserenvironment
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) PermitUserEnvironment
Default value: undef
sshd_config_port
Data type: Array[Stdlib::Port]
SSHD_CONFIG(5) Port
Default value: [22]
sshd_config_print_last_log
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) PrintLastLog
Default value: undef
sshd_config_print_motd
Data type: String
SSHD_CONFIG(5) PrintMotd
Default value: 'yes'
sshd_config_serverkeybits
Data type: Optional[String]
SSHD_CONFIG(5) ServerKeyBits
Default value: undef
sshd_config_strictmodes
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) StrictModes
Default value: undef
sshd_config_subsystem_sftp
Data type: String
SSHD_CONFIG(5) Subsystem
Default value: '/usr/lib/openssh/sftp-server'
sshd_config_syslog_facility
Data type: String
SSHD_CONFIG(5) SyslogFacility
Default value: 'AUTH'
sshd_config_tcp_keepalive
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) TCPKeepAlive
Default value: undef
sshd_config_template
Data type: String
SSHD_CONFIG(5) puppet template to use for sshd config file
Default value: 'ssh/sshd_config.erb'
sshd_config_trustedusercakeys
Data type: Optional[Stdlib::Absolutepath]
SSHD_CONFIG(5) TrustedUserCAKeys
Default value: undef
sshd_config_use_dns
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) UseDNS
Default value: undef
sshd_config_use_privilege_separation
Data type: Optional[Enum['yes','no','sandbox']]
SSHD_CONFIG(5) UsePrivilegeSeparation
Default value: undef
sshd_config_xauth_location
Data type: Optional[Stdlib::Absolutepath]
SSHD_CONFIG(5) XAuthLocation
Default value: undef
sshd_gssapiauthentication
Data type: Enum['yes','no']
SSHD_CONFIG(5) GSSAPIAuthentication
Default value: 'yes'
sshd_gssapicleanupcredentials
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) GSSAPICleanupCredentials
Default value: undef
sshd_gssapikeyexchange
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) GSSAPIKeyExchange
Default value: undef
sshd_hostbasedauthentication
Data type: Enum['yes','no']
SSHD_CONFIG(5) HostbasedAuthentication
Default value: 'no'
sshd_ignorerhosts
Data type: Enum['yes','no']
SSHD_CONFIG(5) IgnoreRhosts
Default value: 'yes'
sshd_ignoreuserknownhosts
Data type: Enum['yes','no']
SSHD_CONFIG(5) IgnoreUserKnownHosts
Default value: 'no'
sshd_kerberos_authentication
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) KerberosAuthentication
Default value: undef
sshd_listen_address
Data type: Optional[Array[String]]
SSHD_CONFIG(5) ListenAddress
Default value: undef
sshd_pamauthenticationviakbdint
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) PAMAuthenticationViaKBDInt
Default value: undef
sshd_password_authentication
Data type: Enum['yes','no']
SSHD_CONFIG(5) PasswordAuthentication
Default value: 'yes'
sshd_pubkeyacceptedkeytypes
Data type: Optional[Array[String]]
SSHD_CONFIG(5) PubkeyAcceptedKeyTypes
Default value: undef
sshd_pubkeyauthentication
Data type: Enum['yes','no']
SSHD_CONFIG(5) PubkeyAuthentication
Default value: 'yes'
sshd_use_pam
Data type: Optional[Enum['yes','no']]
SSHD_CONFIG(5) UsePAM
Default value: undef
sshd_x11_forwarding
Data type: Enum['yes','no']
SSHD_CONFIG(5) X11Forwarding
Default value: 'yes'
sshd_x11_use_localhost
Data type: Enum['yes','no']
SSHD_CONFIG(5) X11UseLocalhost
Default value: 'yes'
ssh_enable_ssh_keysign
Data type: Optional[Enum['yes','no']]
SSH_CONFIG(5) EnableSSHKeysign
Default value: undef
ssh_gssapiauthentication
Data type: Enum['yes','no']
SSH_CONFIG(5) GSSAPIAuthentication
Default value: 'yes'
ssh_gssapidelegatecredentials
Data type: Optional[Enum['yes','no']]
SSH_CONFIG(5) GSSAPIDelegateCredentials
Default value: undef
ssh_hostbasedauthentication
Data type: Optional[Enum['yes','no']]
SSH_CONFIG(5) HostbasedAuthentication
Default value: undef
ssh_key_ensure
Data type: String
enable/disable to export node sshkey resource
Default value: 'present'
ssh_key_import
Data type: Boolean
enable/disable to import all exported node sshkey resources
Default value: true
ssh_key_type
Data type: SSH::Key_type
encryption type for SSH key.
Default value: 'ssh-rsa'
ssh_package_adminfile
Data type: Optional[Stdlib::Absolutepath]
adminfile paramter for package resources
Default value: undef
ssh_package_source
Data type: Optional[Stdlib::Absolutepath]
source paramter for package resources
Default value: undef
ssh_sendenv
Data type: Boolean
enable/disable of SendEnv options for specifying environment variables
Default value: true
ssh_strict_host_key_checking
Data type: Optional[Enum['yes','no','ask']]
SSH_CONFIG(5) StrictHostKeyChecking
Default value: undef
Defined types
ssh::config_entry
@ see https://man.openbsd.org/ssh_config
Examples
Basic usage
ssh::config_entry { 'jenkins github.com':
host => 'github.com',
lines => [" IdentityFile /home/jenkins/.ssh/jenkins-gihub.key"],
order => '20',
}
Parameters
The following parameters are available in the ssh::config_entry defined type:
owner
Data type: String
group
Data type: String
path
Data type: String
host
Data type: String
order
Data type: Variant[String, Integer]
Default value: '10'
ensure
Data type: String
Default value: 'present'
lines
Data type: Array[String]
Default value: []
Data types
SSH::Key_type
The SSH::Key_type data type.
Alias of Enum['ssh-rsa', 'rsa', 'ssh-dsa', 'dsa', 'ecdsa-sha2-nistp256', 'ssh-ed25519']
Ssh::Log_level
The Ssh::Log_level data type.
Alias of Enum['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE', 'DEBUG', 'DEBUG1', 'DEBUG2', 'DEBUG3']
Ssh::Permit_root_login
The Ssh::Permit_root_login data type.
Alias of Enum['yes', 'prohibit-password', 'without-password', 'forced-commands-only', 'no']
Ssh::Syslog_facility
The Ssh::Syslog_facility data type.
Alias of Enum['DAEMON', 'USER', 'AUTH', 'LOCAL0', 'LOCAL1', 'LOCAL2', 'LOCAL3', 'LOCAL4', 'LOCAL5', 'LOCAL6', 'LOCAL7', 'AUTHPRIV']
Ssh::Yes_no
The Ssh::Yes_no data type.
Alias of Enum['yes', 'no']
Change log
v5.0.0 (2023-06-21)
Changed
- update pdk templates
- Allow ssh-ed25519 hostkeys
Breaking changes
- drop puppet 6 support
- drop all OS support except for Debian
v4.0.2 (2020-06-02)
Changed
- update pdk templates
- add empty hash to
data/common.yaml(PDK-1633) - drop puppet 5 support
- use litmusimage in acceptance test
v4.0.1 (2019-09-13)
Changed
- Use type aliases for some paramters
- Reformat changelog
- generate firewall rules for all port in
$sshd_config_portinstead of fixed port 22 - add REFERENCE.md
- use puppet strings for documentation
- add basic acceptance test
v4.0.0 - 2019-10-13
- convert to use pdk
- use types
- update list of supported OSes
- BREAKING: manage_root_ssh_config doe not accept strings anymore
- BREAKING: sshd_config_port requires an array of Stdlib::Port now
- BREAKING: sshd_config_hostcertificate requires an array of Stdlib::Absolutepath now
- BREAKING: ssh_config_sendenv_xmodifiers must be a Boolean now
- BREAKING: hiera_merge must be a Boolean now
- BREAKING: ssh_config_hash_known_hosts,sshd_config_authorized_principals_file,sshd_config_permittunnel and sshd_config_tcp_keepalive do not support 'unset' anymore
- BREAKING: sshd_config_trustedusercakeys and sshd_config_key_revocation_list does not support 'unset' and 'none' anymore
v3.62.0 - 2019-09-17
- Support Debian 10
v3.61.0 - 2019-05-01
- Support Debian 8
- Support Ubuntu 18.04 LTS
v3.60.1 - 2019-04-29
- Fix screwed up metadata
v3.60.0 - 2019-04-29
- Support Debian 9
- Add ability for IPv6 addresses to be exported as part of the sshkey for the FQDN.
v3.59.1 - 2019-02-28
- Put Match block at end of sshd_config
v3.59.0 - 2018-01-03
- Support Puppet 6
v3.58.0 - 2018-10-08
- Add RevokedKeys option to
sshd_config
v3.57.1 - 2018-07-27
- Disable ServerkeyBits on RHEL 7.4 and later
v3.57.0 - 2017-12-10
- Add support for AuthenticationMethods and AllowAgentForwarding options in sshd_config
v3.56.1 - 2017-11-20
- Fix regex bug with
sshd_config_maxstartups
v3.56.0 - 2017-10-27
- Support puppetlabs/concat v3 and v4
v3.55.0 - 2017-09-26
- Add
ssh::config_entrydefined type to manage~/.ssh/config - Add
config_entriesparameter to ssh class to allow specifying a hash of multiple entries forssh::config_entry.
v3.54.0 - 2017-07-24
- Allow sshd_config_hostcertificate to be an array. This fixes a bug
where you could have specified one cert and multiple HostKey's since
sshd_config_hostkeyallows an array. - Add parameter
sshd_config_authorized_principals_fileto manage theAuthorizedPrincipalsFilesetting insshd_config.
v3.53.0 - 2017-07-24
- Support only latest Puppet v3
- Support only last few releases on Puppet v4
- Add support for Puppet v5
v3.52.0 - 2017-05-26
- Add params for Add PrintLastLog, UsePrivilegeSeparation, and Compression options in sshd_config.
v3.51.1 - 2017-05-19
- Ensure that ssh_known_hosts requires the ssh packages
v3.51.0 - 2017-05-17
- Add params sshd_config_hostcertificate and sshd_config_trustedusercakeys to set HostCertificate and TrustedUserCAKeys.
v3.50.0 - 2017-05-08
- Add param sshd_pubkeyacceptedkeytypes to set PubkeyAcceptedKeyTypes
v3.49.1 - 2017-02-27
- Fix parameters not compatible with Solaris
- Add support for Puppet v4.9
v3.49.0 - 2016-10-25
- Add support for PermitTunnel in sshd_config
v3.48.0 - 2016-10-20
- Add support for ProxyCommand
v3.47.0 - 2016-10-19
- Add support for KexAlgorithms
v3.46.0 - 2016-10-04
- Add sshd_x11_use_localhost parameter
v3.45.0 - 2016-08-30
- Add support for Ubuntu 16.04 LTS
v3.44.0 - 2016-08-28
- Add support for TCPKeepAlive in sshd_config
v3.43.0 - 2016-08-08
- Add support for Ruby 2.3.1 with Puppet v4
v3.42.0 - 2016-06-24
- Add support for managing sshd_config options PermitUserEnvironment and PermitEmptyPasswords
v3.41.1 - 2016-06-20
- Update years in LICENSE
v3.41.0 - 2016-06-20
- Add ability to specify an array for GlobalKnownHostsFile in ssh_config.
- Add support for UserKnownHostsFile in ssh_config.
v3.40.0 - 2016-06-09
- Add ability to specify multiple ports
v3.39.0 - 2016-06-08
- Allow ecdsa-sha2-nistp256 hostkeys
- Add host_aliases attribute to sshkey resource
- Add support for PubkeyAuthentication in sshd_config
v3.38.0 - 2016-06-06
- Add param to manage MaxAuthTries in sshd_config
v2.0.0 - 2013-05-16 Garrett Honeycutt code@garretthoneycutt.com
- Rebirth
Dependencies
- puppetlabs/stdlib (>= 6.0.0 < 10.0.0)
- puppetlabs/concat (>= 2.0.0 < 10.0.0)
- puppetlabs/firewall (>= 1.9.0 < 6.0.0)
- puppetlabs/sshkeys_core (>= 1.0.1 <3.0.0)
Copyright (C) 2010-2019 Garrett Honeycutt <code@garretthoneycutt.com>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.