Fixed disabling sshd on Ubuntu
This commit is contained in:
Ossi Salmi
parent
41059a1e2c
commit
edebb3dda3
3 changed files with 79 additions and 0 deletions
27
ssh/files/ssh.disabled.conf
Normal file
27
ssh/files/ssh.disabled.conf
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
# ssh - OpenBSD Secure Shell server
|
||||||
|
#
|
||||||
|
# The OpenSSH server provides secure shell access to the system.
|
||||||
|
|
||||||
|
description "OpenSSH server"
|
||||||
|
|
||||||
|
start on never
|
||||||
|
stop on runlevel S
|
||||||
|
|
||||||
|
expect fork
|
||||||
|
respawn
|
||||||
|
respawn limit 10 5
|
||||||
|
umask 022
|
||||||
|
# replaces SSHD_OOM_ADJUST in /etc/default/ssh
|
||||||
|
oom never
|
||||||
|
|
||||||
|
pre-start script
|
||||||
|
test -x /usr/sbin/sshd || { stop; exit 0; }
|
||||||
|
test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
|
||||||
|
test -c /dev/null || { stop; exit 0; }
|
||||||
|
|
||||||
|
mkdir -p -m0755 /var/run/sshd
|
||||||
|
end script
|
||||||
|
|
||||||
|
# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
|
||||||
|
# 'exec' line here instead
|
||||||
|
exec /usr/sbin/sshd
|
||||||
27
ssh/files/ssh.enabled.conf
Normal file
27
ssh/files/ssh.enabled.conf
Normal file
|
|
@ -0,0 +1,27 @@
|
||||||
|
# ssh - OpenBSD Secure Shell server
|
||||||
|
#
|
||||||
|
# The OpenSSH server provides secure shell access to the system.
|
||||||
|
|
||||||
|
description "OpenSSH server"
|
||||||
|
|
||||||
|
start on filesystem
|
||||||
|
stop on runlevel S
|
||||||
|
|
||||||
|
expect fork
|
||||||
|
respawn
|
||||||
|
respawn limit 10 5
|
||||||
|
umask 022
|
||||||
|
# replaces SSHD_OOM_ADJUST in /etc/default/ssh
|
||||||
|
oom never
|
||||||
|
|
||||||
|
pre-start script
|
||||||
|
test -x /usr/sbin/sshd || { stop; exit 0; }
|
||||||
|
test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
|
||||||
|
test -c /dev/null || { stop; exit 0; }
|
||||||
|
|
||||||
|
mkdir -p -m0755 /var/run/sshd
|
||||||
|
end script
|
||||||
|
|
||||||
|
# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
|
||||||
|
# 'exec' line here instead
|
||||||
|
exec /usr/sbin/sshd
|
||||||
|
|
@ -97,7 +97,32 @@ class ssh::hostkeys {
|
||||||
#
|
#
|
||||||
class ssh::disable {
|
class ssh::disable {
|
||||||
|
|
||||||
|
case $operatingsystem {
|
||||||
|
ubuntu: {
|
||||||
|
# fix ssh init, the sysv-rc script
|
||||||
|
# doesn't work together with upstart
|
||||||
|
file { "/etc/init.d/ssh":
|
||||||
|
ensure => link,
|
||||||
|
force => true,
|
||||||
|
target => "/lib/init/upstart-job",
|
||||||
|
backup => ".orig",
|
||||||
|
before => Service["sshd"],
|
||||||
|
}
|
||||||
|
file { "/etc/init/ssh.conf":
|
||||||
|
ensure => present,
|
||||||
|
mode => 0644,
|
||||||
|
owner => root,
|
||||||
|
group => root,
|
||||||
|
source => "puppet:///ssh/ssh.disabled.conf",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
service { "sshd":
|
service { "sshd":
|
||||||
|
name => $operatingsystem ? {
|
||||||
|
ubuntu => "ssh",
|
||||||
|
default => "sshd",
|
||||||
|
},
|
||||||
ensure => stopped,
|
ensure => stopped,
|
||||||
enable => false,
|
enable => false,
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue