2 package { [ 'openssh-client', 'openssh-server']:
8 require => Package['openssh-server']
11 ferm::rule::simple { 'dsa-ssh':
12 description => 'check ssh access',
16 ferm::rule { 'dsa-ssh-sources':
17 description => 'Allow SSH from DSA',
19 rule => 'saddr ($SSH_SOURCES) ACCEPT'
22 file { '/etc/ssh/ssh_config':
23 content => template('ssh/ssh_config.erb'),
24 require => Package['openssh-client']
26 file { '/etc/ssh/sshd_config':
27 content => template('ssh/sshd_config.erb'),
28 require => Package['openssh-server'],
29 notify => Service['ssh']
31 file { '/etc/ssh/userkeys':
34 require => Package['openssh-server']
36 file { '/etc/ssh/puppetkeys':
42 source => 'puppet:///files/empty/',
43 require => Package['openssh-server']
45 file { '/etc/ssh/userkeys/root':
46 content => template('ssh/authorized_keys.erb'),
49 if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
50 if ! $facts['has_etc_ssh_ssh_host_ed25519_key'] {
51 exec { 'create-ed25519-host-key':
52 command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
56 if $facts['systemd'] {
57 package { [ 'libpam-systemd' ]: