Make ssh puppetkeys mode 0444 (instead of 0644)
[mirror/dsa-puppet.git] / modules / ssh / manifests / init.pp
index db61301..367cae6 100644 (file)
@@ -9,11 +9,11 @@ class ssh {
                require => Package['openssh-server']
        }
 
-       @ferm::rule { 'dsa-ssh':
+       ferm::rule { 'dsa-ssh':
                description => 'Allow SSH from DSA',
                rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
        }
-       @ferm::rule { 'dsa-ssh-v6':
+       ferm::rule { 'dsa-ssh-v6':
                description => 'Allow SSH from DSA',
                domain      => 'ip6',
                rule        => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
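Review bot: Dropping the `@` from `ferm::rule { 'dsa-ssh': }` and `ferm::rule { 'dsa-ssh-v6': }` makes both resources concrete on every node that includes class ssh, and nothing here documents why or what they depend on. Because the `rule` strings are single-quoted, `$SSH_SOURCES` and `$SSH_V6_SOURCES` are passed to ferm uninterpolated, so the SSH source allowlist is presumably defined elsewhere in the ferm configuration. A comment above the first rule would record that, for example `# concrete (not virtual): needs the ferm class and ferm's $SSH_SOURCES / $SSH_V6_SOURCES definitions`. As a style point, both rules share the description 'Allow SSH from DSA'; `description => 'Allow SSH from DSA (IPv6)'` on the second would make the two distinguishable. The class body starts before and continues after this hunk.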
@@ -33,15 +33,29 @@ class ssh {
                mode    => '0755',
                require => Package['openssh-server']
        }
+       file { '/etc/ssh/puppetkeys':
+               ensure  => directory,
+               mode    => '0755',
+               purge   => true,
+               recurse => true,
+               force   => true,
+               source  => 'puppet:///files/empty/',
+               require => Package['openssh-server']
+       }
        file { '/etc/ssh/userkeys/root':
                content => template('ssh/authorized_keys.erb'),
        }
 
-       if ($::lsbmajdistrelease >= 8) {
+       if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
                if ! $has_etc_ssh_ssh_host_ed25519_key {
                        exec { 'create-ed25519-host-key':
                                command => 'ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -q -P "" -t ed25519',
-                               onlyif  => '! [ -e /etc/ssh/ssh_host_ed25519_key ]'
+                       }
+               }
+
+               if $systemd {
+                       package { [ 'libpam-systemd' ]:
+                               ensure => installed
                        }
                }
        }
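Review bot: With the `onlyif` test removed, `exec { 'create-ed25519-host-key': }` is guarded only by the `$has_etc_ssh_ssh_host_ed25519_key` fact. If that fact is missing or stale on a node, `ssh-keygen` will be run against an existing host key path, which may fail the run. The usual idempotence guard keeps the host key safe regardless of fact state: `creates => '/etc/ssh/ssh_host_ed25519_key'`. Separately, the new `file { '/etc/ssh/puppetkeys': }` directory sets `mode` but no ownership; since it appears to hold key material that sshd will trust, stating `owner => 'root', group => 'root'` explicitly would avoid relying on defaults. The class body starts before this hunk.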