ssh: Installs and manages an SSH client. Requires Chocolatey or Cygwin on Windows.
ssh::chroot: Class: ssh::chroot Prepares the chroot environment for SSH
ssh::params: Class: ssh::params Sets variables for the SSH class
ssh::server: This class installs and manages an SSH server
ssh::server::chocolatey: Windows native OpenSSH server
ssh::server::cygwin: Cygwin OpenSSH server
ssh::server::linux: Linux specific server configuration
ssh::server::solaris: Solaris specific server configuration

ssh::allowgroup: Class: ssh::allowgroup Allows a group the ability to shell into a given node.
ssh::authorized_key: Platform independent way to specify an SSH authorized key
ssh::authorized_key::file: Manage the authorized_keys file
ssh::chrootgroup: Sets up a chroot for a given group
ssh::key: Generate an ssh key pair and publish the public key as a fact The fact will be named "ssh_public_key_${name}_rsa". If you specify $target_q
ssh::key::collector: Collect SSH public keys exported by ssh::key and add them to authorized_keys This is not secure. It grants remote access to a host pulled fr
ssh::key::marker: Marks a host in PuppetDB that produces the ssh_public_key_${name}_rsa fact. Nodes are marked by using the ssh::key defined type. They are qu
ssh::key::remote: Collect an SSH public key exported by ssh::key and add it to authorized_keys This is secure. You must specify the accessing node explicitly

ssh::fix_eol: Ensure line endings are correct for the current platform.
ssh::yesno: Pass through strings and convert booleans into 'yes' or 'no'

Ssh::Key::Option: Either option or option="value"
Ssh::Key::String: This represents the key itself.
Ssh::Key::Type: I believe there are more key types than this, but I don't know what they are.
Ssh::PermitRootLogin: For ssh::server::permit_root_login.

Installs and manages an SSH client
Requires Chocolatey or Cygwin on Windows.
Class: ssh::chroot
Prepares the chroot environment for SSH
Class: ssh::params
Sets variables for the SSH class
The following parameters are available in the ssh::params class:
Data type: Boolean
Whether to use cygwin as the OpenSSH provider.
Default value: lookup('cygwin::enable', Boolean, undef, false)
This class installs and manages an SSH server
The following parameters are available in the ssh::server class:
print_motd, permit_x11_forwarding, accept_env, kex_algorithm, permit_root_login, cyg_server_password, config_mode

print_motd
Data type: Boolean
Whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively.
Default value: $ssh::params::print_motd

permit_x11_forwarding
Data type: Boolean
Whether X11 forwarding should be enabled or not.
Default value: false

accept_env
Data type: Array[String[1]]
An array of environment variables to be accepted that will be copied into the session's environment.
Default value: []

kex_algorithm
Data type: Optional[String[1]]
The available KEX (Key Exchange) algorithms to accept.
Default value: undef

permit_root_login
Data type: Ssh::PermitRootLogin
Whether root can log in using ssh.
Default value: $ssh::params::permit_root_login

cyg_server_password
Data type: Optional[Sensitive[String[1]]]
Only required on Cygwin. It's the password for the ssh daemon user.
Default value: undef

config_mode
Data type: Optional[String[3]]
The file mode to set for the ssh config file.
Default value: $ssh::params::config_mode

Windows native OpenSSH server
The following parameters are available in the ssh::server::chocolatey class:
Data type: Enum[present, absent]
The ensure option for a default shell.
Default value: present
Data type: Stdlib::Absolutepath
The default shell to use.
Default value: $ssh::params::default_shell
Data type: String
Options to pass to the default shell.
Default value: '/c'
Cygwin OpenSSH server
Linux specific server configuration
Solaris specific server configuration
Class: ssh::allowgroup
Allows a group the ability to shell into a given node.
The following parameters are available in the ssh::allowgroup defined type:
Data type: String[1]
A list of group name patterns, separated by spaces, to only allow members of those group(s) to login.
Default value: $title
Platform independent way to specify an SSH authorized key
The following parameters are available in the ssh::authorized_key defined type:
Data type: String[1]
The user account in which the SSH key should be installed.
Default value: $title
Data type: Enum[present, absent]
The ensure value for the ssh authorized key resource.
Default value: 'present'
Data type: Optional[Ssh::Key::String]
The public key itself.
Default value: undef
Data type: Ssh::Key::Type
The encryption type used.
Default value: 'ssh-rsa'
Data type: Array[Ssh::Key::Option]
Key options; see sshd(8) for possible values.
Default value: []
This is only used on systems where ssh_authorized_key doesn't work.
The following parameters are available in the ssh::authorized_key::file defined type:
Data type: Enum[present, absent]
The ensure value for the ssh authorized key file.
Default value: 'present'
Data type: String[1]
The target user's authorized key file to manage and file owner permission to set.
Default value: $title
Data type: String[1]
The group permissions of the authorized key file.
Default value: 'NT AUTHORITY\SYSTEM'
Sets up a chroot for a given group
The following parameters are available in the ssh::chrootgroup defined type:
Data type: String[1]
The group used to set up a chroot environment.
Default value: $title
Data type: Boolean
Whether TCP forwarding is permitted.
Default value: false
Generate an ssh key pair and publish the public key as a fact
The fact will be named "ssh_public_key_${name}_rsa".
If you specify $target_query, you will be able to add the corresponding public key on hosts matching $target_query with ::ssh::key::collector.
The following parameters are available in the ssh::key defined type:
Data type: String[1]
The account to generate an ssh key pair for.
Default value: $name
Data type: Pattern[/^\//]
The location of the ssh private key.
Default value: "/home/${user}/.ssh/id_rsa"
Data type: Optional[String[1]]
The query used to gather targets used for ssh::key::marker and known_hosts, if applicable.
Default value: undef
Data type: Boolean
Whether to manage the known_hosts file.
Default value: true
Collect SSH public keys exported by ssh::key and add them to authorized_keys
This is not secure. It grants remote access to a host pulled from PuppetDB, so anyone who can run custom Puppet code on a host can cause this to collect the public key from that malicious host.
See ssh::key::remote for a more secure option.
The following parameters are available in the ssh::key::collector defined type:
Data type: String[1]
The name of the ssh::key resource. Defaults to $name.
Default value: $name
Data type: Array[String[1], 1]
Users to add the key to. Defaults to [$name].
Default value: [$name]
Data type: Optional[Array[String[1], 1]]
Options to pass to ssh_authorized_key.
Default value: undef
Marks a host in PuppetDB that produces the ssh_public_key_${name}_rsa fact.
Nodes are marked by using the ssh::key defined type. They are queried for this marker in the ssh::key::collector defined type.
Collect an SSH public key exported by ssh::key and add it to authorized_keys
This is secure. You must specify the accessing node explicitly by certname, so a malicious host cannot spoof its way to access.
$title - $user@$certname
The following parameters are available in the ssh::key::remote defined type:
Data type: String[1]
The user to add the key to. Defaults to the first part of $title.
Default value: ('@')[0]
Data type: Pattern[/\A[a-z0-9_.-]+\Z/]
The certname of the remote host. Defaults to second part of $title.
Default value: ('@')[1]
Data type: String[1]
The name of the ssh::key resource. Defaults to $user.
Default value: $user
Data type: Optional[Array[String[1], 1]]
Options to pass to ssh_authorized_key.
Default value: undef
Type: Puppet Language
Ensure line endings are correct for the current platform.
Returns: String Returns a string with the desired line ending.
Data type: String
The string to perform a line ending conversion on.
Type: Puppet Language
Pass through strings and convert booleans into 'yes' or 'no'
Returns: String[1] Returns a string content of either 'yes' or 'no'.
Data type: Variant[Boolean, String[1]]
The boolean value to convert to a string.
Either option or option="value"
Alias of
Pattern[/\A\w+(=".*")?\z/]
This represents the key itself.
Alias of
Stdlib::Base64
I believe there are more key types than this, but I don't know what they are.
Alias of
Enum['ssh-dsa', 'ssh-dss', 'rsa', 'ssh-rsa', 'ssh-ecdsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521']
For ssh::server::permit_root_login.
Alias of
Variant[Boolean, Enum['without-password', 'forced-commands-only']]
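
The following is an added example, not code from this module. It runs the Ssh::Key::Option pattern and the ssh::key::remote certname pattern shown on this page in Ruby (Puppet patterns use Ruby regular-expression syntax) against constructed inputs. Splitting the title on the first '@' and the stricter \z check are assumptions made for illustration.

```ruby
# Added example: both patterns are copied from this page; inputs are constructed.
KEY_OPTION = /\A\w+(=".*")?\z/    # Ssh::Key::Option
CERTNAME   = /\A[a-z0-9_.-]+\Z/   # ssh::key::remote certname

# Constructed sample options, named after entries in sshd(8).
SAMPLE_OPTIONS = [
  'restrict',
  'from="10.0.0.0/8"',
  'command="/usr/bin/rsync --server"',
  'no-pty',               # hyphen is not matched by \w
  'no-port-forwarding',   # same
  'from=10.0.0.0/8'       # value not quoted
].freeze

# True when one option string would pass the Ssh::Key::Option pattern.
def option_accepted?(opt)
  KEY_OPTION.match?(opt)
end

# Sample options that the pattern refuses.
def rejected_options
  SAMPLE_OPTIONS.reject { |o| option_accepted?(o) }
end

# Split a user@certname title (split on the first '@' is an assumption) and
# apply the certname pattern. Returns [user, certname], or nil when invalid.
def parse_remote_title(title)
  user, certname = title.split('@', 2)
  return nil if user.nil? || user.empty? || certname.nil?
  return nil unless CERTNAME.match?(certname)
  [user, certname]
end

# Hypothetical stricter check: \z rejects the trailing newline that \Z allows.
def strict_certname?(name)
  /\A[a-z0-9_.-]+\z/.match?(name)
end

if __FILE__ == $PROGRAM_NAME
  puts "rejected by Ssh::Key::Option: #{rejected_options.inspect}"
  p parse_remote_title('deploy@build01.example.com')
  p parse_remote_title('deploy@Build01.example.com')
  p strict_certname?("build01.example.com\n")
end
```

With the pattern as written, hyphenated sshd(8) options such as no-pty do not validate, while restrict and quoted name="value" forms do.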