# Export and collect public host keys.
#
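class ssh::known_hosts {

  # Manages the system-wide known_hosts file, exports this node's RSA host
  # key as a stored resource, and collects every exported Sshkey resource.
  #
  # NOTE(review): the collector at the bottom is unfiltered, so it realises
  # every sshkey exported by any node in the stored-config database. Each
  # entry is therefore only as trustworthy as the least trusted node allowed
  # to export resources; consider a tag or search expression on the collector
  # if nodes of different trust levels share one Puppet server.
  # NOTE(review): nothing in this class purges entries for decommissioned or
  # re-keyed hosts; confirm stale keys are cleaned up elsewhere.

  # Readable by every user, writable by root only.
  file { "/etc/ssh/ssh_known_hosts":
    ensure => present,
    # Quoted: newer Puppet parsers require the file mode to be a string.
    mode   => "0644",
    owner  => root,
    group  => $operatingsystem ? {
      # Quoted: Puppet 4 and later read a capitalised bareword as a type
      # reference rather than as the string to compare against.
      "OpenBSD" => wheel,
      default   => root,
    },
  }

  # NOTE(review): $homename is not defined in this file; presumably a custom
  # fact or node variable holding the fully qualified name - confirm.
  # The template reads `homename` as a bare variable, which only older Puppet
  # releases accept; left unchanged here.
  @@sshkey { $homename:
    ensure       => present,
    type         => rsa,
    key          => $sshrsakey,
    # Short name: the part of $homename before the first dot.
    host_aliases => inline_template("<%= homename.split('.')[0] %>"),
    require      => File["/etc/ssh/ssh_known_hosts"],
  }

  Sshkey <<| |>>

}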
# Install SSH host keys.
#
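class ssh::hostkeys {

  # Installs the DSA, RSA and protocol-1 host key pairs from the "private"
  # file server mount. Private halves are 0600, public halves 0644.
  #
  # NOTE(review): the private keys live on the Puppet server. The "private"
  # mount is presumably per-node; confirm that file server authorisation
  # limits each node to its own key material.
  # NOTE(review): unless a File default elsewhere changes it, Puppet's file
  # backup applies here, so a replaced private key may be kept in the agent's
  # backup store; consider `backup => false` on the private key resources.
  # NOTE(review): no resource here notifies the SSH service; confirm that a
  # replaced key is picked up by the running daemon.
  # NOTE(review): DSA host keys and the protocol-1 key (ssh_host_key) are
  # legacy; current OpenSSH releases no longer use them by default.

  # Group owning root's files: wheel on OpenBSD, root elsewhere.
  $root_group = $operatingsystem ? {
    openbsd => wheel,
    default => root,
  }

  file { "/etc/ssh/ssh_host_dsa_key":
    ensure => present,
    source => "puppet:///private/ssh_host_dsa_key",
    # Quoted: newer Puppet parsers require the file mode to be a string.
    mode   => "0600",
    owner  => root,
    group  => $root_group,
  }
  file { "/etc/ssh/ssh_host_dsa_key.pub":
    ensure => present,
    source => "puppet:///private/ssh_host_dsa_key.pub",
    mode   => "0644",
    owner  => root,
    group  => $root_group,
  }

  file { "/etc/ssh/ssh_host_rsa_key":
    ensure => present,
    source => "puppet:///private/ssh_host_rsa_key",
    mode   => "0600",
    owner  => root,
    group  => $root_group,
  }
  file { "/etc/ssh/ssh_host_rsa_key.pub":
    ensure => present,
    source => "puppet:///private/ssh_host_rsa_key.pub",
    mode   => "0644",
    owner  => root,
    group  => $root_group,
  }

  file { "/etc/ssh/ssh_host_key":
    ensure => present,
    source => "puppet:///private/ssh_host_key",
    mode   => "0600",
    owner  => root,
    group  => $root_group,
  }
  file { "/etc/ssh/ssh_host_key.pub":
    ensure => present,
    source => "puppet:///private/ssh_host_key.pub",
    mode   => "0644",
    owner  => root,
    group  => $root_group,
  }

}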
# Disable SSH server.
#
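class ssh::disable {

  # Stops the SSH daemon and disables it at boot. On Ubuntu it first replaces
  # the init script and the upstart job definition.
  #
  # NOTE(review): this class only manages service state; the package, its
  # configuration and any host keys stay on disk.

  case $operatingsystem {
    ubuntu: {
      # fix ssh init, the sysv-rc script
      # doesn't work together with upstart
      file { "/etc/init.d/ssh":
        ensure => link,
        force  => true,
        target => "/lib/init/upstart-job",
        # Keeps a copy of whatever was at this path, with a .orig suffix.
        backup => ".orig",
        before => Service["sshd"],
      }
      # NOTE(review): unlike the link above, this resource has no ordering
      # relative to Service["sshd"]; confirm that is intended. The contents
      # of ssh.disabled.conf are not visible here.
      file { "/etc/init/ssh.conf":
        ensure => present,
        # Quoted: newer Puppet parsers require the file mode to be a string.
        mode   => "0644",
        owner  => root,
        group  => root,
        source => "puppet:///modules/ssh/ssh.disabled.conf",
      }
    }
  }

  # The resource title is always "sshd"; only the service name differs.
  service { "sshd":
    name   => $operatingsystem ? {
      ubuntu  => "ssh",
      default => "sshd",
    },
    ensure => stopped,
    enable => false,
  }

}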