openssh-server: ensure => installed;
}
- case $hostname {
- bartok, beethoven: {
- $keyinfo = allnodeinfo("sshRSAHostKey", "ipHostNumber")
- }
- }
-
-
file { "/etc/ssh/ssh_config":
- source => [ "puppet:///ssh/ssh_config" ],
+ content => template("ssh/ssh_config.erb"),
require => Package["openssh-client"]
;
"/etc/ssh/sshd_config":
@ferm::rule { "dsa-ssh":
description => "Allow SSH from DSA",
- rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
+ rule => "&SERVICE_RANGE(tcp, ssh, \$SSH_SOURCES)"
}
@ferm::rule { "dsa-ssh-v6":
description => "Allow SSH from DSA",
domain => "ip6",
- rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_V6_SOURCES) ACCEPT; }"
+ rule => "&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)"
}
}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: