Puppet Class: ssh::params

Defined in:
manifests/params.pp

Summary

This class is meant to be called from ssh. It sets variables according to platform.

Overview



# File 'manifests/params.pp', line 3

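class ssh::params {
  # Default values consumed by the ssh class, plus the per-platform package and
  # service names. How each value is rendered into sshd_config is not visible
  # in this file; the sshd option names in the notes below are presumed from
  # the variable names -- confirm against the template.

  # NOTE(review): the Protocol option and protocol 1 support were removed from
  # newer OpenSSH servers; presumably kept for old releases.
  $protocol = 2
  $port = [22]
  $address_family = 'any'
  # Loopback plus the node's own hostname. Top-scope lookup ($::hostname) is
  # used, as for $::osfamily below, so a node-scope variable of the same name
  # cannot change the bind address. If this becomes ListenAddress, sshd must
  # be able to resolve the hostname at start-up.
  $listen_addresses = [
    '127.0.0.1',
    $::hostname,
  ]
  # NOTE(review): DSA (ssh-dss) host keys have been disabled by default since
  # OpenSSH 7.0; consider dropping the dsa entry where no client needs it.
  $host_keys = [
    '/etc/ssh/ssh_host_rsa_key',
    '/etc/ssh/ssh_host_dsa_key',
    '/etc/ssh/ssh_host_ecdsa_key',
    '/etc/ssh/ssh_host_ed25519_key',
  ]
  $syslog_facility = 'AUTHPRIV'
  $log_level = 'INFO'
  $login_grace_time = 120
  # 'without-password' is the deprecated alias of 'prohibit-password': root may
  # still log in with a key. Use 'no' where direct root login is not required.
  $permit_root_login = 'without-password'
  $strict_modes = true
  $max_auth_tries = 3
  $pubkey_authentication = true
  # NOTE(review): RSAAuthentication applies to protocol 1 only and is
  # deprecated in current OpenSSH; it has no effect with $protocol = 2.
  $rsa_authentication = true
  $authorized_keys_file = '.ssh/authorized_keys'
  $password_authentication = false
  $permit_empty_passwords = false
  # NOTE(review): with $use_pam = true, keyboard-interactive authentication can
  # still prompt for the account password through PAM, so disabling
  # $password_authentication alone does not make the server key-only. Set this
  # to false unless a PAM-based second factor depends on it.
  $challenge_response_authentication = true
  # NOTE(review): only useful on Kerberos-enabled hosts; elsewhere it is an
  # extra authentication path that can be turned off.
  $gssapi_authentication = true
  $gssapi_cleanup_credentials = true
  $use_pam = true
  $use_dns = false
  # Agent and TCP forwarding are on by default; hosts that are not meant to be
  # used as jump hosts can set these to false (or set $disable_forwarding).
  $allow_agent_forwarding = true
  $allow_tcp_forwarding = true
  $allow_stream_local_forwarding = false
  $ignore_user_known_hosts = false
  $x11_forwarding = false
  $x11_use_localhost = true
  $print_motd = false
  $tcp_keepalive = true
  $compression = false
  # NOTE(review): presumably ClientAliveInterval. A value of 0 means sshd sends
  # no client-alive probes, so $client_alive_count_max is never reached and
  # unresponsive sessions are not dropped by this mechanism.
  $client_alive_count_interval = 0
  $client_alive_count_max = 2
  $max_sessions = 2
  $fingerprint_hash = 'sha256'
  $ignore_rhosts = true
  $banner = 'none'
  $chroot_directory = 'none'
  $permit_tunnel = false
  # Key exchange, MAC and cipher allow-lists: SHA-2 based DH groups and
  # curve25519, encrypt-then-MAC MACs, and AEAD or CTR ciphers only.
  $kex_algorithms = [
    'diffie-hellman-group14-sha256',
    'diffie-hellman-group16-sha512',
    'diffie-hellman-group18-sha512',
    'curve25519-sha256@libssh.org',
  ]
  $macs = [
    'umac-128-etm@openssh.com',
    'hmac-sha2-256-etm@openssh.com',
    'hmac-sha2-512-etm@openssh.com',
  ]
  $ciphers = [
    'chacha20-poly1305@openssh.com',
    'aes256-gcm@openssh.com',
    'aes128-gcm@openssh.com',
    'aes256-ctr',
    'aes192-ctr',
    'aes128-ctr',
  ]
  $disable_forwarding = false
  # Only locale variables are accepted from the client environment.
  $accept_env = [
    'LANG',
    'LC_*',
  ]
  $debian_banner = false
  $permit_open = []
  $permit_tty = true
  $permit_user_environment = false

  # Package and service names differ per OS family; unsupported platforms
  # abort catalog compilation instead of silently using a wrong name.
  case $::osfamily {
    'Debian': {
      $package_name = 'ssh'
      $service_name = 'ssh'
    }
    'RedHat', 'Amazon': {
      # The RedHat family ships the server as the openssh-server package and
      # runs it as the sshd service; it has no 'ssh' package or service.
      $package_name = 'openssh-server'
      $service_name = 'sshd'
    }
    default: {
      fail("${::operatingsystem} not supported")
    }
  }
}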