From edebb3dda361e6803a0e764e534c1347c2ed8502 Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Mon, 24 Jan 2011 16:27:41 +0200
Subject: [PATCH] Fixed disabling sshd on Ubuntu
---
 ssh/files/ssh.disabled.conf | 27 +++++++++++++++++++++++++++
 ssh/files/ssh.enabled.conf | 27 +++++++++++++++++++++++++++
 ssh/manifests/init.pp | 25 +++++++++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 ssh/files/ssh.disabled.conf
 create mode 100644 ssh/files/ssh.enabled.conf
diff --git a/ssh/files/ssh.disabled.conf b/ssh/files/ssh.disabled.conf
new file mode 100644
index 0000000..90f17ae
--- /dev/null
+++ b/ssh/files/ssh.disabled.conf
@@ -0,0 +1,27 @@
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description "OpenSSH server"
+
+start on never
+stop on runlevel S
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+ test -x /usr/sbin/sshd || { stop; exit 0; }
+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+ test -c /dev/null || { stop; exit 0; }
+
+ mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
diff --git a/ssh/files/ssh.enabled.conf b/ssh/files/ssh.enabled.conf
new file mode 100644
index 0000000..3a733b0
--- /dev/null
+++ b/ssh/files/ssh.enabled.conf
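Review bot: In ssh/files/ssh.disabled.conf the line `start on never` is the entire disable mechanism and nothing in the file explains it. As far as I know `never` is not an Upstart keyword but an ordinary event name that nothing emits, so the job stays defined and a manual `start ssh` would still run the pre-start checks and exec sshd with `respawn` active. I would add a header comment such as `# Managed by Puppet (ssh::disable); "never" is an event nothing emits, so sshd is not started at boot`. The pre-start stanza already stops the job when /etc/ssh/sshd_not_to_be_run exists, so having the class manage that file as well may give a firmer off switch than the start condition alone.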
@@ -0,0 +1,27 @@
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description "OpenSSH server"
+
+start on filesystem
+stop on runlevel S
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+ test -x /usr/sbin/sshd || { stop; exit 0; }
+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+ test -c /dev/null || { stop; exit 0; }
+
+ mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
diff --git a/ssh/manifests/init.pp b/ssh/manifests/init.pp
index 651d651..465f68c 100644
--- a/ssh/manifests/init.pp
+++ b/ssh/manifests/init.pp
@@ -97,7 +97,32 @@ class ssh::hostkeys {
 #
 class ssh::disable {
+ case $operatingsystem {
+ ubuntu: {
+ # fix ssh init, the sysv-rc script
+ # doesn't work together with upstart
+ file { "/etc/init.d/ssh":
+ ensure => link,
+ force => true,
+ target => "/lib/init/upstart-job",
+ backup => ".orig",
+ before => Service["sshd"],
+ }
+ file { "/etc/init/ssh.conf":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root,
+ source => "puppet:///ssh/ssh.disabled.conf",
+ }
+ }
+ }
+
 service { "sshd":
+ name => $operatingsystem ? {
+ ubuntu => "ssh",
+ default => "sshd",
+ },
 ensure => stopped,
 enable => false,
 }
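Review bot: Nothing in the init.pp hunk of this patch references ssh/files/ssh.enabled.conf, so a host that has had ssh::disable applied would keep the `start on never` job file when it is later moved back to a class that runs sshd, unless a class outside this patch installs this file. If no such class exists, the enabling side needs a matching `file { "/etc/init/ssh.conf": ... source => "puppet:///ssh/ssh.enabled.conf" }` resource. The file differs from ssh.disabled.conf only in the `start on filesystem` line, which deserves a header comment saying so, for example `# Managed by Puppet; differs from ssh.disabled.conf only in the "start on" line`.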
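Review bot: In ssh/manifests/init.pp the `/etc/init/ssh.conf` file resource has no ordering relationship to `Service["sshd"]`, unlike the `/etc/init.d/ssh` link above it, so Puppet may stop the service before or after the disabled job file is in place; adding `before => Service["sshd"],` to it makes the run deterministic. `mode => 0644` is safer quoted as `mode => "0644",`, and the `case` has no `default: { }` branch to make the no-op on other platforms explicit. The branch applies to every Ubuntu release, so on a release whose ssh is not an Upstart job the forced link to /lib/init/upstart-job would replace a working init script; I cannot tell from the hunk whether such hosts are in scope. The body of class ssh::disable continues past the end of the hunk.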