Forge Home

3,381,451 downloads

6,288 latest version

3.4 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 12.1.0 (latest)
  • 12.0.1
  • 12.0.0
  • 11.2.0
  • 11.1.0
  • 11.0.0
  • 10.2.0
  • 10.1.0
  • 10.0.0
  • 9.0.0
  • 8.0.0
  • 7.0.2
  • 7.0.1
  • 7.0.0
  • 6.2.0
  • 6.1.0
  • 6.0.0
  • 5.0.0
  • 4.0.0
  • 3.0.1
  • 3.0.0
  • 2.9.1
  • 2.9.0
  • 2.8.1
  • 2.8.0
  • 2.7.0
  • 2.6.0
  • 2.5.0
  • 2.4.0
  • 2.3.6
  • 2.3.5
  • 2.3.4
  • 2.3.3
  • 2.3.2
  • 2.3.1
  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 1.4.0
  • 1.2.0
  • 1.1.1
  • 1.1.0
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Apr 25th 2014
This version is compatible with:

    Start using this module

    • r10k or Code Manager
    • Bolt
    • Manual installation
    • Direct download

    Add this module to your Puppetfile:

    mod 'saz-ssh', '2.3.6'
    Learn more about managing modules with a Puppetfile

    Add this module to your Bolt project:

    bolt module add saz-ssh
    Learn more about using this module with an existing project

    Manually install this module globally with Puppet module tool:

    puppet module install saz-ssh --version 2.3.6

    Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

    Download

    Documentation

    saz/ssh — version 2.3.6 Apr 25th 2014

    puppet-ssh Build Status

    Manage SSH client and server via Puppet

    Gittip

    Support via Gittip

    Requirements

    • Exported resources for host keys management
    • puppetlabs/stdlib

    Usage

    Since version 2.0.0 only non-default values are written to both, client and server, configuration files.

    Multiple occurances of one config key (e.g. sshd should be listening on port 22 and 2222) should be passed as an array.

        options => {
          Port => [22, 2222],
        }
    

    This is working for both, client and server

    Both client and server

    Host keys will be collected and distributed unless storeconfigs_enabled => false

        include ssh
    

    or

        class { 'ssh':
          storeconfigs_enabled => false,
          server_options => {
            'Match User www-data' => {
              'ChrootDirectory' => '%h',
              'ForceCommand' => 'internal-sftp',
              'PasswordAuthentication' => 'yes',
              'AllowTcpForwarding' => 'no',
              'X11Forwarding' => 'no',
            },
            Port => [22, 2222, 2288],
          },
          client_options => {
            'Host *.amazonaws.com' => {
              'User' => 'ec2-user',
            },
          },
        }
    

    Client only

    Collected host keys from servers will be written to known_hosts unless storeconfigs_enabled => false

        include ssh::client
    

    or

        class { 'ssh::client':
          storeconfigs_enabled => false,
          options => {
            'Host short' => {
              'User' => 'my-user',
              'HostName' => 'extreme.long.and.complicated.hostname.domain.tld',
            },
            'Host *' => {
              'User' => 'andromeda',
              'UserKnownHostsFile' => '/dev/null',
            },
          },
        }
    

    Server only

    Host keys will be collected for client distribution unless storeconfigs_enabled => false

        include ssh::server
    

    or

        class { 'ssh::server':
          storeconfigs_enabled => false,
          options => {
            'Match User www-data' => {
              'ChrootDirectory' => '%h',
              'ForceCommand' => 'internal-sftp',
              'PasswordAuthentication' => 'yes',
              'AllowTcpForwarding' => 'no',
              'X11Forwarding' => 'no',
            },
            'PasswordAuthentication' => 'no',
            'PermitRootLogin'        => 'no',
            'Port'                   => [22, 2222],
          },
        }
    

    Default options

    Client

        'Host *'                 => {
          'SendEnv'              => 'LANG LC_*',
          'HashKnownHosts'       => 'yes',
          'GSSAPIAuthentication' => 'yes',
        }
    

    Server

        'ChallengeResponseAuthentication' => 'no',
        'X11Forwarding'                   => 'yes',
        'PrintMotd'                       => 'no',
        'AcceptEnv'                       => 'LANG LC_*',
        'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
        'UsePAM'                          => 'yes',
    

    Overwriting default options

    Default options will be merged with options passed in. If an option is set both as default and via options parameter, the latter will will win.

    The following example will disable X11Forwarding, which is enabled by default:

        class { 'ssh::server':
          options           => {
            'X11Forwarding' => 'no',
          },
        }
    

    Which will lead to the following sshd_config file:

    # File is managed by Puppet
    
    ChallengeResponseAuthentication no
    X11Forwarding no
    PrintMotd no
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server
    UsePAM yes
    PasswordAuthentication no
    

    Defining host keys for server

    You can define host keys your server will use

    ssh::server::host_key {'ssh_host_rsa_key':
      private_key_content => '<the private key>',
      public_key_content  => '<the public key>',
    }
    

    Alternately, you could create the host key providing the files, instead of the content:

    ssh::server::host_key {'ssh_host_rsa_key':
      private_key_source => 'puppet:///mymodule/ssh_host_rsa_key',
      public_key_source  => 'puppet:///mymodule/ssh_host_rsa_key.pub',
    }
    

    Both of these definitions will create /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_rsa_key.pub and restart sshd daemon.