3 package { [ 'openssh-client', 'openssh-server']:
9 require => Package['openssh-server']
12 ferm::rule { 'dsa-ssh':
13 description => 'Allow SSH from DSA',
14 rule => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
16 ferm::rule { 'dsa-ssh-v6':
17 description => 'Allow SSH from DSA',
19 rule => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
22 file { '/etc/ssh/ssh_config':
23 content => template('ssh/ssh_config.erb'),
24 require => Package['openssh-client']
26 file { '/etc/ssh/sshd_config':
27 content => template('ssh/sshd_config.erb'),
28 require => Package['openssh-server'],
29 notify => Service['ssh']
31 file { '/etc/ssh/userkeys':
34 require => Package['openssh-server']
36 file { '/etc/ssh/puppetkeys':
42 source => 'puppet:///files/empty/',
43 require => Package['openssh-server']
45 file { '/etc/ssh/userkeys/root':
46 content => template('ssh/authorized_keys.erb'),
49 if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
50 if ! $has_etc_ssh_ssh_host_ed25519_key {
51 exec { 'create-ed25519-host-key':
52 command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
57 package { [ 'libpam-systemd' ]: