confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity
Files
6a9563ae04682783416adba8f659474d8491cb2d
confdroid_ssh/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html

938 lines
24 KiB
HTML
Raw Normal View History

Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Puppet Class: confdroid_ssh::params
&mdash; Documentation by YARD 0.9.36
</title>
<link rel="stylesheet" href="../css/style.css" type="text/css" />
<link rel="stylesheet" href="../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "puppet_classes::confdroid_ssh::params";
relpath = '../';
</script>
<script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../puppet_class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../_index.html">Index (c)</a> &raquo;
<span class='title'><span class='object_link'>Puppet Classes</span></span>
&raquo;
<span class="title">confdroid_ssh::params</span>
</div>
<div id="search">
<a class="full_list_link" id="puppet_class_list_link"
href="../puppet_class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Puppet Class: confdroid_ssh::params</h1>
<div class="box_info">
<dl>
<dt>Inherited by:</dt>
<dd>
<span class='object_link'><a href="confdroid_ssh_3A_3Amain_3A_3Adirs.html" title="puppet_classes::confdroid_ssh::main::dirs (puppet_class)">confdroid_ssh::main::dirs</a></span><br/>
<span class='object_link'><a href="confdroid_ssh_3A_3Amain_3A_3Afiles.html" title="puppet_classes::confdroid_ssh::main::files (puppet_class)">confdroid_ssh::main::files</a></span><br/>
<span class='object_link'><a href="confdroid_ssh_3A_3Amain_3A_3Aconfig.html" title="puppet_classes::confdroid_ssh::main::config (puppet_class)">confdroid_ssh::main::config</a></span><br/>
<span class='object_link'><a href="confdroid_ssh_3A_3Amain_3A_3Ainstall.html" title="puppet_classes::confdroid_ssh::main::install (puppet_class)">confdroid_ssh::main::install</a></span><br/>
<span class='object_link'><a href="confdroid_ssh_3A_3Amain_3A_3Aservice.html" title="puppet_classes::confdroid_ssh::main::service (puppet_class)">confdroid_ssh::main::service</a></span><br/>
<span class='object_link'><a href="confdroid_ssh_3A_3Aselinux_3A_3Asemanage.html" title="puppet_classes::confdroid_ssh::selinux::semanage (puppet_class)">confdroid_ssh::selinux::semanage</a></span><br/>
Recommit for updates in build 10
2026-04-09 14:16:15 +02:00
<span class='object_link'><a href="confdroid_ssh_3A_3Afirewall_3A_3Aiptables.html" title="puppet_classes::confdroid_ssh::firewall::iptables (puppet_class)">confdroid_ssh::firewall::iptables</a></span><br/>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
</dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>
manifests/params.pp
</dd>
</dl>
</div>
<h2>Summary</h2>
Class contains all class parameters for confdroid_ssh
<h2>Overview</h2>
<div class="docstring">
<div class="discussion">
<p>confdroid_ssh::params.pp Module name: confdroid_ssh Author: 12ww1160 (12ww1160@confdroid.com)</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>ssh_reqpackages</span>
<span class='type'>(<tt>Array</tt>)</span>
<em class="default">(defaults to: <tt>[&#39;openssh&#39;,&#39;openssh-clients&#39;,&#39;openssh-server&#39;]</tt>)</em>
&mdash;
<div class='inline'>
<p>packages to install</p>
</div>
</li>
<li>
<span class='name'>pkg_ensure</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;present&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>version to install: present or latest</p>
</div>
</li>
<li>
Recommit for updates in build 16
2026-04-09 15:07:46 +02:00
<span class='name'>ssh_fw_rule</span>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
Recommit for updates in build 15
2026-04-09 15:01:50 +02:00
<span class='type'>(<tt>String</tt>)</span>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
Recommit for updates in build 15
2026-04-09 15:01:50 +02:00
<em class="default">(defaults to: <tt>&#39;present&#39;</tt>)</em>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
&mdash;
<div class='inline'>
Recommit for updates in build 15
2026-04-09 15:01:50 +02:00
<p>whether set the fw rule to present or absent.</p>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
</div>
</li>
<li>
<span class='name'>ssh_fw_port</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;22&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>port to use for SSHD and in fw</p>
</div>
</li>
<li>
<span class='name'>ssh_fw_order</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;50&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>order of firewall rule</p>
</div>
</li>
<li>
<span class='name'>ssh_source_range</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;0.0.0.0/0&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>source range for firewall rule</p>
</div>
</li>
<li>
<span class='name'>ssh_manage_config</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>true</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to manage the configuration</p>
</div>
</li>
<li>
<span class='name'>ssh_address_family</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;any&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AddressFamily setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_listen_address</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;0.0.0.0&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>ListenAddress setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_root_login</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;prohibit-password&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PermitRootLogin setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_strict_modes</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>StrictModes setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_max_auth_tries</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;6&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>MaxAuthTries setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_max_sessions</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;10&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>MaxSessions setting for sshd_config</p>
Recommit for updates in build 17
2026-04-13 12:57:58 +02:00
</div>
</li>
<li>
<span class='name'>ssh_pubkey_auth</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PubkeyAuthentication setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_auth_key_files</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;.ssh/authorized_keys&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedKeysFile setting for sshd_config</p>
</div>
</li>
<li>
<span class='name'>ssh_authorized_principals_file</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;none&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedPrincipalsFile setting for sshd_config. Default is none to disable this setting.</p>
</div>
</li>
<li>
<span class='name'>ssh_authorized_keys_command</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;none&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedKeysCommand setting for sshd_config. Default is none to disable this setting.</p>
</div>
</li>
<li>
<span class='name'>ssh_authorized_keys_command_user</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;nobody&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>AuthorizedKeysCommandUser setting for sshd_config. Default is nobody to use an unpriviledged user.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_specific_hostkey</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to use a specific host key</p>
</div>
</li>
<li>
<span class='name'>ssh_hostkey_type</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;rsa&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>type of host key to use if ssh_use_specific_hostkey is true</p>
Recommit for updates in build 18
2026-04-13 13:10:40 +02:00
</div>
</li>
<li>
<span class='name'>ssh_rekeylimit</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;default none&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>RekeyLimit setting for sshd_config. Default is default none.</p>
</div>
</li>
<li>
<span class='name'>ssh_syslog_facility</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;AUTH&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>SyslogFacility setting for sshd_config. Default is AUTH.</p>
</div>
</li>
<li>
<span class='name'>ssh_log_level</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;INFO&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>LogLevel setting for sshd_config. Default is INFO.</p>
Recommit for updates in build 21
2026-04-13 14:21:20 +02:00
</div>
</li>
<li>
<span class='name'>ssh_password_authentication</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PasswordAuthentication setting for sshd_config. Default is no, which requires key-based authentication. This is a recommended security setting, so passwords do not show up in logs, but can be set to yes if password authentication is desired.</p>
</div>
</li>
<li>
<span class='name'>ssh_permit_empty_passwords</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>PermitEmptyPasswords setting for sshd_config. Default is no, which is a recommended security setting and works in connection with key-based authentication, but can be set to yes if password authentication should be allowed and empty passwords should be allowed. Again, this should be used with caution if enabled.</p>
</div>
</li>
<li>
<span class='name'>ssh_kbd_interactive_auth</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no, which is a recommended security setting together with password authentication, but can be set to yes if keyboard-interactive authentication should be allowed. (not recommended)</p>
Recommit for updates in build 22
2026-04-13 14:55:14 +02:00
</div>
</li>
<li>
<span class='name'>ssh_kerberos_authentication</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. Kerberos authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to yes if desired.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_or_local_passwd</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to allow local password authentication as a fallback if Kerberos authentication fails, but can be set to no if you want to only allow Kerberos authentication.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_ticket_cleanup</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to enable ticket cleanup, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_get_afstoken</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to enable AFS token retrieval, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_use_kuserok</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to enable userok with Kerberos, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_kerberos</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to use Kerberos authentication. If true, the relevant Kerberos settings will be included in the sshd_config, otherwise they will be ignored.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_gssapi</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to use GSSAPI authentication. If true, GSSAPI authentication will be enabled in sshd_config, otherwise it will be disabled. GSSAPI authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to true if desired.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_authentication</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSS authentication, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_cleanup_credentials</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSS credential cleanup, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_key_exchange</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSS key exchange.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_enablek5users</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
</div>
</li>
</ul>
</div><div class="method_details_list">
<table class="source_code">
<tr>
<td>
<pre class="lines">
Recommit for updates in build 21
2026-04-13 14:21:20 +02:00
93
94
95
96
97
98
99
100
101
102
Recommit for updates in build 22
2026-04-13 14:55:14 +02:00
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158</pre>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
</td>
<td>
Recommit for updates in build 22
2026-04-13 14:55:14 +02:00
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 93</span>
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
class confdroid_ssh::params (
Recommit for updates in build 17
2026-04-13 12:57:58 +02:00
Array $ssh_reqpackages = [&#39;openssh&#39;,&#39;openssh-clients&#39;,&#39;openssh-server&#39;],
String $pkg_ensure = &#39;present&#39;,
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
# firewall settings
Recommit for updates in build 17
2026-04-13 12:57:58 +02:00
String $ssh_fw_rule = &#39;present&#39;,
String $ssh_fw_port = &#39;22&#39;,
String $ssh_fw_order = &#39;50&#39;,
String $ssh_source_range = &#39;0.0.0.0/0&#39;,
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
Recommit for updates in build 17
2026-04-13 12:57:58 +02:00
# sshd configuration
Boolean $ssh_manage_config = true,
String $ssh_address_family = &#39;any&#39;,
String $ssh_listen_address = &#39;0.0.0.0&#39;,
String $ssh_root_login = &#39;prohibit-password&#39;,
String $ssh_strict_modes = &#39;yes&#39;,
String $ssh_max_auth_tries = &#39;6&#39;,
String $ssh_max_sessions = &#39;10&#39;,
String $ssh_pubkey_auth = &#39;yes&#39;,
String $ssh_auth_key_files = &#39;.ssh/authorized_keys&#39;,
String $ssh_authorized_principals_file = &#39;none&#39;,
String $ssh_authorized_keys_command = &#39;none&#39;,
String $ssh_authorized_keys_command_user = &#39;nobody&#39;,
Boolean $ssh_use_specific_hostkey = false,
String $ssh_hostkey_type = &#39;rsa&#39;,
Recommit for updates in build 18
2026-04-13 13:10:40 +02:00
String $ssh_rekeylimit = &#39;default none&#39;,
String $ssh_syslog_facility = &#39;AUTH&#39;,
Recommit for updates in build 21
2026-04-13 14:21:20 +02:00
String $ssh_log_level = &#39;INFO&#39;,
String $ssh_password_authentication = &#39;no&#39;,
String $ssh_permit_empty_passwords = &#39;no&#39;,
Recommit for updates in build 22
2026-04-13 14:55:14 +02:00
String $ssh_kbd_interactive_auth = &#39;no&#39;,
Boolean $ssh_use_kerberos = false,
String $ssh_kerberos_authentication = &#39;yes&#39;,
String $ssh_kerberos_or_local_passwd = &#39;yes&#39;,
String $ssh_kerberos_ticket_cleanup = &#39;yes&#39;,
String $ssh_kerberos_get_afstoken = &#39;no&#39;,
String $ssh_kerberos_use_kuserok = &#39;yes&#39;,
Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = &#39;yes&#39;,
String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;,
String $ssh_gssapi_key_exchange = &#39;no&#39;,
String $ssh_gssapi_enablek5users = &#39;no&#39;,
Recommit for updates in build 8
2026-04-09 13:47:28 +02:00
) {
# default facts
$fqdn = $facts[&#39;networking&#39;][&#39;fqdn&#39;]
$hostname = $facts[&#39;networking&#39;][&#39;hostname&#39;]
$domain = $facts[&#39;networking&#39;][&#39;domain&#39;]
$os_name = $facts[&#39;os&#39;][&#39;name&#39;]
$os_release = $facts[&#39;os&#39;][&#39;release&#39;][&#39;major&#39;]
$sshd_user = &#39;root&#39;
$ssh_etc_path = &#39;/etc/ssh&#39;
$sshd_service = &#39;sshd&#39;
$sshd_config_path = &quot;${ssh_etc_path}/sshd_config&quot;
$sshd_custom_path = &quot;${ssh_etc_path}/sshd_config.d&quot;
$sshd_custom_conf = &quot;${sshd_custom_path}/10-custom.conf&quot;
$sshd_custom_erb = &#39;confdroid_ssh/sshd_custom_conf.erb&#39;
$sshd_config_erb = &#39;confdroid_ssh/sshd_config.erb&#39;
$sshd_root_login_file = &quot;${sshd_custom_path}/01-permitrootlogin.conf&quot;
# includes must be last
include confdroid_ssh::main::config
}</pre>
</td>
</tr>
</table>
</div>
</div>
<div id="footer">
Generated by <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>.
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink