openssh_server.pp 2.37 KiB
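# Configure the OpenSSH server.
#
# Installs openssh-server and the openssh-blacklist packages, pins a set of
# sshd_config directives with file_line (every change notifies Service['ssh']),
# keeps the ssh service running and ensures /root/.ssh is a root-only directory.
#
# Parameters:
#   $port        - value written to the `Port` directive (default '22').
#   $groups_only - value written to the `AllowGroups` directive (default 'root').
#
# Both parameters are interpolated verbatim into sshd_config, so they must come
# from trusted data: an embedded newline would add further directives to the file.
#
# How file_line behaves here: `match` only replaces an existing uncommented
# line; when nothing matches, `line` is appended to the end of the file.
# NOTE(review): if sshd_config ends in a `Match` block, an appended directive
# would land inside that block - confirm the target files have none.
class ubuntu_server::openssh_server($port='22',$groups_only='root'){

    package{['openssh-server','openssh-blacklist-extra','openssh-blacklist']:
        ensure => present,
    }

    file_line{'openssh_server_config_Port':
        path    => '/etc/ssh/sshd_config',
        line    => "Port ${port}",
        match   => '^Port',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    # Root may log in with a key but not with a password. Newer OpenSSH releases
    # spell this value `prohibit-password` and keep `without-password` as a
    # deprecated alias; it is left unchanged so older sshd versions still parse it.
    file_line{'openssh_server_config_PermitRootLogin':
        path    => '/etc/ssh/sshd_config',
        line    => 'PermitRootLogin without-password',
        match   => '^PermitRootLogin',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    # Only members of the listed group(s) may log in over SSH.
    # NOTE(review): the resource title ends in a space; it is kept as-is because
    # other manifests may reference the resource by this exact title.
    file_line{'openssh_server_config_AllowGroups ':
        path    => '/etc/ssh/sshd_config',
        line    => "AllowGroups ${groups_only}",
        match   => '^AllowGroups',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    # Restrict key exchange to a single algorithm; clients that do not offer it
    # cannot connect.
    file_line{'openssh_server_config_KexAlgorithms':
        path    => '/etc/ssh/sshd_config',
        line    => 'KexAlgorithms diffie-hellman-group-exchange-sha256',
        match   => '^KexAlgorithms',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    # Restrict ciphers to AES in CTR mode.
    # NOTE(review): no `MACs` directive is managed here, so sshd's default MAC
    # list stays in effect - confirm that is acceptable for the target release.
    file_line{'openssh_server_config_Ciphers':
        path    => '/etc/ssh/sshd_config',
        line    => 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr',
        match   => '^Ciphers',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    # The next three resources comment out the DSA, ECDSA and Ed25519 HostKey
    # lines, so only the HostKey lines left active in the file are offered.
    # NOTE(review): when sshd_config contains no active HostKey line at all,
    # sshd falls back to its built-in default key files, and commenting these
    # lines out then disables nothing - verify another HostKey line stays active.
    # Also confirm that turning off Ed25519 (not only DSA/ECDSA) is intended.
    file_line{'openssh_server_config_NoDSA':
        path    => '/etc/ssh/sshd_config',
        line    => '#HostKey /etc/ssh/ssh_host_dsa_key',
        match   => '^HostKey /etc/ssh/ssh_host_dsa_key',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    file_line{'openssh_server_config_NoEcdsa':
        path    => '/etc/ssh/sshd_config',
        line    => '#HostKey /etc/ssh/ssh_host_ecdsa_key',
        match   => '^HostKey /etc/ssh/ssh_host_ecdsa_key',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    file_line{'openssh_server_config_NoEd25519':
        path    => '/etc/ssh/sshd_config',
        line    => '#HostKey /etc/ssh/ssh_host_ed25519_key',
        match   => '^HostKey /etc/ssh/ssh_host_ed25519_key',
        require => Package['openssh-server'],
    } ~> Service['ssh']

    service{'ssh':
        ensure => running,
    }

    # The mode is a quoted octal string: newer Puppet versions parse a bare 700
    # as an integer and reject it for `mode`, while '0700' works on old and new
    # versions alike and keeps the directory readable by root only.
    file{'/root/.ssh':
        ensure => directory,
        owner  => root,
        group  => root,
        mode   => '0700',
    }

}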