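# Configure openssh-server: install the packages, pin selected sshd_config
# directives via file_line, keep the ssh service running and create /root/.ssh.
#
# Parameters:
#   $port        - value written to the sshd_config "Port" directive.
#   $groups_only - value written to "AllowGroups"; sshd reads it as a
#                  space-separated list of group name patterns.
#
# Both parameters are interpolated verbatim into sshd_config, so they must come
# from trusted data (manifests/Hiera); no validation happens here.
#
# Every file_line notifies Service['ssh'], so a changed directive restarts sshd.
# file_line only replaces a line when "match" hits an uncommented directive at
# the start of a line; otherwise the line is appended to the end of the file.
class ubuntu_server::openssh_server($port = '22', $groups_only = 'root') {
  # NOTE(review): confirm the openssh-blacklist packages still exist on every
  # targeted Ubuntu release; a missing package fails the whole resource.
  package { ['openssh-server', 'openssh-blacklist-extra', 'openssh-blacklist']:
    ensure => present,
  }

  file_line { 'openssh_server_config_Port':
    path    => '/etc/ssh/sshd_config',
    line    => "Port ${port}",
    match   => '^Port',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  # Root may log in, but not with a password. "without-password" is the older
  # spelling; OpenSSH 7.0+ prefers the synonym "prohibit-password". Kept as-is
  # so older sshd versions still parse the file.
  file_line { 'openssh_server_config_PermitRootLogin':
    path    => '/etc/ssh/sshd_config',
    line    => 'PermitRootLogin without-password',
    match   => '^PermitRootLogin',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  # Restricts logins to members of the listed groups. The resource title has a
  # trailing space in the original; it is kept so that any existing reference
  # to File_line['openssh_server_config_AllowGroups '] still resolves.
  file_line { 'openssh_server_config_AllowGroups ':
    path    => '/etc/ssh/sshd_config',
    line    => "AllowGroups ${groups_only}",
    match   => '^AllowGroups',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  # Only one key exchange is offered; clients without it cannot connect.
  # NOTE(review): group-exchange strength depends on the primes in sshd's
  # moduli file, which this class does not manage.
  file_line { 'openssh_server_config_KexAlgorithms':
    path    => '/etc/ssh/sshd_config',
    line    => 'KexAlgorithms diffie-hellman-group-exchange-sha256',
    match   => '^KexAlgorithms',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  # CTR-mode AES only. No "MACs" line is managed here, so integrity protection
  # for these non-AEAD ciphers falls back to sshd's default MAC list.
  file_line { 'openssh_server_config_Ciphers':
    path    => '/etc/ssh/sshd_config',
    line    => 'Ciphers aes256-ctr,aes192-ctr,aes128-ctr',
    match   => '^Ciphers',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  # The next three resources comment out the DSA, ECDSA and Ed25519 HostKey
  # lines. NOTE(review): this presumably leaves only an RSA HostKey line
  # active; confirm one remains, because sshd loads its built-in default host
  # keys when sshd_config contains no HostKey directive at all.
  file_line { 'openssh_server_config_NoDSA':
    path    => '/etc/ssh/sshd_config',
    line    => '#HostKey /etc/ssh/ssh_host_dsa_key',
    match   => '^HostKey /etc/ssh/ssh_host_dsa_key',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  file_line { 'openssh_server_config_NoEcdsa':
    path    => '/etc/ssh/sshd_config',
    line    => '#HostKey /etc/ssh/ssh_host_ecdsa_key',
    match   => '^HostKey /etc/ssh/ssh_host_ecdsa_key',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  file_line { 'openssh_server_config_NoEd25519':
    path    => '/etc/ssh/sshd_config',
    line    => '#HostKey /etc/ssh/ssh_host_ed25519_key',
    match   => '^HostKey /etc/ssh/ssh_host_ed25519_key',
    require => Package['openssh-server'],
  } ~> Service['ssh']

  service { 'ssh':
    ensure => running,
  }

  # The mode is a quoted octal string: a bare 700 is an Integer in Puppet 4+
  # and is rejected by the file type, so /root/.ssh would never be enforced.
  file { '/root/.ssh':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }
}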