Gitlab Community Edition Instance

Skip to content
Snippets Groups Projects
Normal view Permalink
openssh_server.pp 2.64 KiB
Newer Older
  • Learn to ignore specific revisions
    • Benedikt Wegmann's avatar
    ubuntu_server::openssh_server erstellt
    Benedikt Wegmann committed
    1 
    # openssh-server konfigurieren
    Benedikt Wegmann's avatar
    openssh: FIX  
    Benedikt Wegmann committed
    2 
    class ubuntu_server::openssh_server($port="22",$groups_only="root",$authorized_keys=false){
    Benedikt Wegmann's avatar
    ubuntu_server::openssh_server erstellt
    Benedikt Wegmann committed
    3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 
    
    package{['openssh-server','openssh-blacklist-extra','openssh-blacklist']:
        ensure => present,
    }

    file_line{'openssh_server_config_Port':
        path => "/etc/ssh/sshd_config",
        line => "Port $port",
        match => "^Port",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    file_line{'openssh_server_config_PermitRootLogin':
        path => "/etc/ssh/sshd_config",
        line => "PermitRootLogin without-password",
        match => "^PermitRootLogin",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    file_line{'openssh_server_config_AllowGroups ':
        path => "/etc/ssh/sshd_config",
        line => "AllowGroups $groups_only",
        match => "^AllowGroups",
        require => Package["openssh-server"],
    } ~> Service['ssh']
    Benedikt Wegmann's avatar
    openssh: FIX  
    Benedikt Wegmann committed
    29 
        unless $authorized_keys == false {
    Benedikt Wegmann's avatar
    openssh: authorized_keys  
    Benedikt Wegmann committed
    30 31 32 
            file{'/root/.ssh/authorized_keys':
            ensure => present,
            mode => 0664,
    Benedikt Wegmann's avatar
    openssh: FIX  
    Benedikt Wegmann committed
    33 34 
                owner => root,
            group => root,
    Benedikt Wegmann's avatar
    openssh: authorized_keys  
    Benedikt Wegmann committed
    35 36 37 38 
                source => $authorized_keys,
        }
    }
    Benedikt Wegmann's avatar
    ubuntu_server::openssh_server erstellt
    Benedikt Wegmann committed
    39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 
        file_line{'openssh_server_config_KexAlgorithms':
        path => "/etc/ssh/sshd_config",
        line => "KexAlgorithms diffie-hellman-group-exchange-sha256",
        match => "^KexAlgorithms",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    file_line{'openssh_server_config_Ciphers':
        path => "/etc/ssh/sshd_config",
        line => "Ciphers aes256-ctr,aes192-ctr,aes128-ctr",
        match => "^Ciphers",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    file_line{'openssh_server_config_NoDSA':
        path => "/etc/ssh/sshd_config",
        line => "#HostKey /etc/ssh/ssh_host_dsa_key",
        match => "^HostKey /etc/ssh/ssh_host_dsa_key",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    file_line{'openssh_server_config_NoEcdsa':
        path => "/etc/ssh/sshd_config",
        line => "#HostKey /etc/ssh/ssh_host_ecdsa_key",
        match => "^HostKey /etc/ssh/ssh_host_ecdsa_key",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    file_line{'openssh_server_config_NoEd25519':
        path => "/etc/ssh/sshd_config",
        line => "#HostKey /etc/ssh/ssh_host_ed25519_key",
        match => "^HostKey /etc/ssh/ssh_host_ed25519_key",
        require => Package["openssh-server"],
    } ~> Service['ssh']

    service{'ssh':
        ensure => running,
    }

    file{'/root/.ssh':
        ensure => directory,
        owner => root,
        group => root,
        mode => 700,
    }

}