Fixed disabling sshd on Ubuntu

2011-01-24 16:27:41 +02:00 · 2011-01-24 16:27:41 +02:00 · edebb3dda3
commit edebb3dda3
parent 41059a1e2c
3 changed files with 79 additions and 0 deletions
--- a/ssh/files/ssh.disabled.conf
+++ b/ssh/files/ssh.disabled.conf
@ -0,0 +1,27 @@
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description	"OpenSSH server"
+
+start on never
+stop on runlevel S
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+    test -x /usr/sbin/sshd || { stop; exit 0; }
+    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+    test -c /dev/null || { stop; exit 0; }
+
+    mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
--- a/ssh/files/ssh.enabled.conf
+++ b/ssh/files/ssh.enabled.conf
@ -0,0 +1,27 @@
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description	"OpenSSH server"
+
+start on filesystem
+stop on runlevel S
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+    test -x /usr/sbin/sshd || { stop; exit 0; }
+    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+    test -c /dev/null || { stop; exit 0; }
+
+    mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
--- a/ssh/manifests/init.pp
+++ b/ssh/manifests/init.pp
@ -97,7 +97,32 @@ class ssh::hostkeys {
 #
 class ssh::disable {

+    case $operatingsystem {
+        ubuntu: {
+            # fix ssh init, the sysv-rc script
+            # doesn't work together with upstart
+            file { "/etc/init.d/ssh":
+                ensure => link,
+                force  => true,
+                target => "/lib/init/upstart-job",
+                backup => ".orig",
+                before => Service["sshd"],
+            }
+            file { "/etc/init/ssh.conf":
+                ensure => present,
+                mode   => 0644,
+                owner  => root,
+                group  => root,
+                source => "puppet:///ssh/ssh.disabled.conf",
+            }
+        }
+    }
+
    service { "sshd":
+        name   => $operatingsystem ? {
+            ubuntu  => "ssh",
+            default => "sshd",
+        },
        ensure => stopped,
        enable => false,
    }