Reference

Table of Contents

Resource types

  • ssh_config: Manages settings in an OpenSSH ssh_config file. The resource name is used for the setting name, but if the host is given, then the name ca
  • sshd_config: Manages settings in an OpenSSH sshd_config file. The resource name is used for the setting name, but if the condition is given, then the n
  • sshd_config_match: Manages Match groups in an OpenSSH sshd_config file.
  • sshd_config_subsystem: Manages Subsystem settings in an OpenSSH sshd_config file.

Resource types

ssh_config

Manages settings in an OpenSSH ssh_config file.

The resource name is used as the setting name. If host is given, the name can be any unique string, and key then supplies the name of the setting.

Properties

The following properties are available in the ssh_config type.

comment

Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

Value to change the setting to. The following parameters take an array of values:

  • MACs;
  • Ciphers;
  • SendEnv.

All other parameters take a string. When passing an array to other parameters, only the first value in the array will be considered.

Parameters

The following parameters are available in the ssh_config type.

host

Host condition for the entry.

key

Overrides setting name to prevent resource conflicts if host is given.

name

namevar

The name of the setting, or a unique string if host given.

provider

The specific backend to use for this ssh_config resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

target

The file in which to store the settings. Defaults to /etc/ssh/ssh_config.

sshd_config

Manages settings in an OpenSSH sshd_config file.

The resource name is used as the setting name. If condition is given, the name can be any unique string, and key then supplies the name of the setting.

Subsystem entries are not managed by this type. There is a specific sshd_config_subsystem type to manage these entries.

Properties

The following properties are available in the sshd_config type.

comment

Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

Value to change the setting to. The following parameters take an array of values:

  • AcceptEnv;
  • AllowGroups;
  • AllowUsers;
  • Ciphers;
  • DenyGroups;
  • DenyUsers;
  • Port;
  • KexAlgorithms;
  • MACs;
  • HostKeyAlgorithms.

All other parameters take a string. When passing an array to other parameters, only the first value in the array will be considered.

Parameters

The following parameters are available in the sshd_config type.

array_append

Valid values: false, true

Whether to add to existing array values or replace all values.

Default value: false

condition

Match group condition for the entry, in the format:

sshd_config { 'PermitRootLogin':
  value     => 'without-password',
  condition => 'Host example.net',
}

The value can contain multiple conditions, concatenated together with whitespace. This is used if the Match block has multiple criteria.

condition => 'Host example.net User root'

key

Overrides setting name to prevent resource conflicts if condition is given.

name

namevar

The name of the setting, or a unique string if condition given.

provider

The specific backend to use for this sshd_config resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

target

The file in which to store the settings. Defaults to /etc/ssh/sshd_config.
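
The following is an added example, not taken from the module's own documentation, showing how the sshd_config parameters above combine: array values, array_append, and key with condition to manage the same setting both globally and inside a Match block. The group name, algorithm choices, comment text and the second resource's title are assumptions chosen for illustration.

```puppet
# Added example: values below are illustrative, not module defaults.

# Array-valued setting. With array_append left at its default (false),
# the list given here replaces all values already in the file.
sshd_config { 'Ciphers':
  ensure => present,
  value  => ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com'],
}

# array_append => true adds to the existing AllowGroups values
# instead of replacing them ('ssh-admins' is a hypothetical group).
sshd_config { 'AllowGroups':
  ensure       => present,
  value        => ['ssh-admins'],
  array_append => true,
}

# Global setting: the resource name is the setting name.
sshd_config { 'PermitRootLogin':
  ensure  => present,
  value   => 'no',
  comment => 'Root logins are refused by default',
}

# The same setting inside a Match block. A second resource named
# 'PermitRootLogin' would conflict with the one above, so the name is a
# unique string and key carries the real setting name.
sshd_config { 'PermitRootLogin for example.net':
  ensure    => present,
  key       => 'PermitRootLogin',
  value     => 'without-password',
  condition => 'Host example.net',
}
```

Because array_append => true keeps whatever values are already in the file, allow-list settings such as AllowGroups and AllowUsers managed this way can retain entries that are not declared in Puppet.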

sshd_config_match

Manages Match groups in an OpenSSH sshd_config file.

Properties

The following properties are available in the sshd_config_match type.

comment

Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not.

ensure

Valid values: present, absent, positioned

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the sshd_config_match type.

condition

namevar

The condition of the Match group.

name

The default namevar.

position

Where to place the new entry.

provider

The specific backend to use for this sshd_config_match resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

target

namevar

The file in which to manage the sshd_config_match entry.

sshd_config_subsystem

Manages Subsystem settings in an OpenSSH sshd_config file.

Properties

The following properties are available in the sshd_config_subsystem type.

command

The command to execute upon subsystem request.

comment

Text to be stored in a comment immediately above the entry. It will be automatically prepended with the name of the variable in order for the provider to know whether it controls the comment or not.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the sshd_config_subsystem type.

name

namevar

The name of the subsystem to set.

provider

The specific backend to use for this sshd_config_subsystem resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

target

The file in which to store the settings. Defaults to /etc/ssh/sshd_config.