2 package { [ 'openssh-client', 'openssh-server']:
8 require => Package['openssh-server']
11 ferm::rule::simple { 'dsa-ssh':
12 description => 'check ssh access',
16 ferm::rule { 'dsa-ssh-sources':
17 description => 'Allow SSH from DSA',
19 rule => 'saddr ($SSH_SOURCES) ACCEPT'
21 Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>
23 file { '/etc/ssh/ssh_config':
24 content => template('ssh/ssh_config.erb'),
25 require => Package['openssh-client']
27 file { '/etc/ssh/sshd_config':
28 content => template('ssh/sshd_config.erb'),
29 require => Package['openssh-server'],
30 notify => Service['ssh']
32 file { '/etc/ssh/userkeys':
35 require => Package['openssh-server']
37 file { '/etc/ssh/puppetkeys':
43 source => 'puppet:///files/empty/',
44 require => Package['openssh-server']
46 file { '/etc/ssh/userkeys/root':
47 content => template('ssh/authorized_keys.erb'),
50 if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
51 if ! $facts['has_etc_ssh_ssh_host_ed25519_key'] {
52 exec { 'create-ed25519-host-key':
53 command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
57 if $facts['systemd'] {
58 package { [ 'libpam-systemd' ]: