REFERENCE.md

Reference

Table of Contents

Classes

  • ssh: Class to manage SSH client
  • ssh::server: Class to manage SSH server

Defined types

Data types

Classes

ssh

Notes: Match and Host attributes are not directly supported as multiple match/host blocks can exist. Use the custom parameter for that.

Parameters

The following parameters are available in the ssh class:

config_entries

Data type: Hash

Hash of configuration entries passed to ssh::config_entries define. Please check the docs for ssh::config_entries for a list and details of the parameters usable here.

Default value: {}

config_group

Data type: String[1]

User group used for ssh_config file.

Default value: 'root'

config_mode

Data type: Stdlib::Filemode

File mode used for ssh_config file.

Default value: '0644'

config_owner

Data type: String[1]

User/Owner used for ssh_config file.

Default value: 'root'

config_path

Data type: Stdlib::Absolutepath

Absolute path to ssh_config file.

Default value: '/etc/ssh/ssh_config'

global_known_hosts_group

Data type: String[1]

User group used for the globally used known_hosts file.

Default value: 'root'

global_known_hosts_mode

Data type: Stdlib::Filemode

File mode used for the globally used known_hosts file.

Default value: '0644'

global_known_hosts_owner

Data type: String[1]

User/Owner used for the globally used known_hosts file.

Default value: 'root'

global_known_hosts_path

Data type: Stdlib::Absolutepath

Absolute path to the globally used known_hosts file.

Default value: '/etc/ssh/ssh_known_hosts'

keys

Data type: Hash

Hash of keys to be added to ~/.ssh/authorized_keys for users.

Default value: {}

manage_global_known_hosts

Data type: Boolean

Boolean to choose if the globally used known_hosts file should be managed.

Default value: true

manage_root_ssh_config

Data type: Boolean

Boolean to choose if the ssh_config file of root should be managed.

Default value: false

manage_server

Data type: Boolean

Boolean to choose if the SSH daemon and its configuration should be managed.

Default value: true

manage_sshkey

Data type: Boolean

Boolean to choose if SSH keys should be managed. Also see $purge_keys.

Default value: true

manage_packages

Data type: Boolean

Boolean to choose if SSH client packages should be managed.

Default value: true

packages

Data type: Array[String[1]]

Installation package(s) for the SSH client.

Default value: []

packages_ensure

Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]

Ensure parameter to SSH client package(s).

Default value: 'installed'

packages_adminfile

Data type: Optional[Stdlib::Absolutepath]

Path to adminfile for SSH client package(s) installation. Needed for Solaris.

Default value: undef

packages_source

Data type: Optional[Stdlib::Absolutepath]

Source to SSH client package(s). Needed for Solaris.

Default value: undef

purge_keys

Data type: Boolean

Whether SSH keys not managed by Puppet should be removed. Also see $manage_sshkey.

Default value: true

root_ssh_config_content

Data type: String[1]

Content of the ssh_config file of root.

Default value: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"

config_files

Data type: Hash

Hash of configuration entries passed to ssh::config_file_client define. Please check the docs for ssh::config_file_client and the type Ssh::Ssh_Config for a list and details of the parameters usable here.

Default value: {}

host

Data type: Optional[String[1]]

Value(s) passed to Host parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Host for possible values.

Default value: undef

add_keys_to_agent

Data type: Optional[Enum['yes', 'no', 'ask', 'confirm']]

Value(s) passed to AddKeysToAgent parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#AddKeysToAgent for possible values.

Default value: undef

address_family

Data type: Optional[Enum['any', 'inet', 'inet6']]

Value(s) passed to AddressFamily parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#AddressFamily for possible values.

Default value: undef

batch_mode

Data type: Optional[Ssh::Yes_no]

Value(s) passed to BatchMode parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#BatchMode for possible values.

Default value: undef

bind_address

Data type: Optional[String[1]]

Value(s) passed to BindAddress parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#BindAddress for possible values.

Default value: undef

bind_interface

Data type: Optional[String[1]]

Value(s) passed to BindInterface parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#BindInterface for possible values.

Default value: undef

canonical_domains

Data type: Optional[Array[String[1]]]

Value(s) passed to CanonicalDomains parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalDomains for possible values.

Default value: undef

canonicalize_fallback_local

Data type: Optional[Ssh::Yes_no]

Value(s) passed to CanonicalizeFallbackLocal parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizeFallbackLocal for possible values.

Default value: undef

canonicalize_hostname

Data type: Optional[Enum['yes', 'no', 'always']]

Value(s) passed to CanonicalizeHostname parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizeHostname for possible values.

Default value: undef

canonicalize_max_dots

Data type: Optional[Integer[0]]

Value(s) passed to CanonicalizeMaxDots parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizeMaxDots for possible values.

Default value: undef

canonicalize_permitted_cnames

Data type: Optional[Array[String[1]]]

Value(s) passed to CanonicalizePermittedCNAMEs parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizePermittedCNAMEs for possible values.

Default value: undef

ca_signature_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to CASignatureAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CASignatureAlgorithms for possible values.

Default value: undef

certificate_file

Data type: Optional[Array[String[1]]]

Value(s) passed to CertificateFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CertificateFile for possible values.

Default value: undef

check_host_ip

Data type: Optional[Ssh::Yes_no]

Value(s) passed to CheckHostIP parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CheckHostIP for possible values.

Default value: undef

ciphers

Data type: Optional[Array[String[1]]]

Value(s) passed to Ciphers parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Ciphers for possible values.

Default value: undef

clear_all_forwardings

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ClearAllForwardings parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ClearAllForwardings for possible values.

Default value: undef

compression

Data type: Optional[Ssh::Yes_no]

Value(s) passed to Compression parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Compression for possible values.

Default value: undef

connection_attempts

Data type: Optional[Integer[0]]

Value(s) passed to ConnectionAttempts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ConnectionAttempts for possible values.

Default value: undef

connect_timeout

Data type: Optional[Integer[0]]

Value(s) passed to ConnectTimeout parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ConnectTimeout for possible values.

Default value: undef

control_master

Data type: Optional[Enum['yes', 'no', 'ask', 'auto', 'autoask']]

Value(s) passed to ControlMaster parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ControlMaster for possible values.

Default value: undef

control_path

Data type: Optional[String[1]]

Value(s) passed to ControlPath parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ControlPath for possible values.

Default value: undef

control_persist

Data type: Optional[String[1]]

Value(s) passed to ControlPersist parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ControlPersist for possible values.

Default value: undef

dynamic_forward

Data type: Optional[String[1]]

Value(s) passed to DynamicForward parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#DynamicForward for possible values.

Default value: undef

enable_ssh_keysign

Data type: Optional[Ssh::Yes_no]

Value(s) passed to EnableSSHKeysign parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#EnableSSHKeysign for possible values.

Default value: undef

escape_char

Data type: Optional[String[1]]

Value(s) passed to EscapeChar parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#EscapeChar for possible values.

Default value: undef

exit_on_forward_failure

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ExitOnForwardFailure parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ExitOnForwardFailure for possible values.

Default value: undef

fingerprint_hash

Data type: Optional[Enum['sha256', 'md5']]

Value(s) passed to FingerprintHash parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#FingerprintHash for possible values.

Default value: undef

fork_after_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ForkAfterAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForkAfterAuthentication for possible values.

Default value: undef

forward_agent

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ForwardAgent parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardAgent for possible values.

Default value: undef

forward_x11

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ForwardX11 parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardX11 for possible values.

Default value: undef

forward_x11_timeout

Data type: Variant[Undef, String[1], Integer[0]]

Value(s) passed to ForwardX11Timeout parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardX11Timeout for possible values.

Default value: undef

forward_x11_trusted

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ForwardX11Trusted parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardX11Trusted for possible values.

Default value: undef

gateway_ports

Data type: Optional[Ssh::Yes_no]

Value(s) passed to GatewayPorts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GatewayPorts for possible values.

Default value: undef

global_known_hosts_file

Data type: Optional[Array[String[1]]]

Value(s) passed to GlobalKnownHostsFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GlobalKnownHostsFile for possible values.

Default value: undef

gss_api_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to GSSAPIAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GSSAPIAuthentication for possible values.

Default value: undef

gss_api_delegate_credentials

Data type: Optional[Ssh::Yes_no]

Value(s) passed to GSSAPIDelegateCredentials parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GSSAPIDelegateCredentials for possible values.

Default value: undef

hash_known_hosts

Data type: Optional[Ssh::Yes_no]

Value(s) passed to HashKnownHosts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HashKnownHosts for possible values.

Default value: undef

hostbased_accepted_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to HostbasedAcceptedAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostbasedAcceptedAlgorithms for possible values.

Default value: undef

hostbased_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to HostbasedAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostbasedAuthentication for possible values.

Default value: undef

host_key_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to HostKeyAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostKeyAlgorithms for possible values.

Default value: undef

host_key_alias

Data type: Optional[String[1]]

Value(s) passed to HostKeyAlias parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostKeyAlias for possible values.

Default value: undef

hostname

Data type: Optional[String[1]]

Value(s) passed to Hostname parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Hostname for possible values.

Default value: undef

identities_only

Data type: Optional[Ssh::Yes_no]

Value(s) passed to IdentitiesOnly parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IdentitiesOnly for possible values.

Default value: undef

identity_agent

Data type: Optional[String[1]]

Value(s) passed to IdentityAgent parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IdentityAgent for possible values.

Default value: undef

identity_file

Data type: Optional[Array[String[1]]]

Value(s) passed to IdentityFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IdentityFile for possible values.

Default value: undef

ignore_unknown

Data type: Optional[Array[String[1]]]

Value(s) passed to IgnoreUnknown parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IgnoreUnknown for possible values.

Default value: undef

include

Data type: Optional[Stdlib::Absolutepath]

Value(s) passed to Include parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Include for possible values.

Default value: undef

include_dir_owner

Data type: String[1]

The owner of the include directory

Default value: 'root'

include_dir_group

Data type: String[1]

The group of the include directory

Default value: 'root'

include_dir_mode

Data type: Stdlib::Filemode

The mode of the include directory

Default value: '0755'

include_dir_purge

Data type: Boolean

Sets whether to purge the include_dir of unmanaged files

Default value: true

ip_qos

Data type: Optional[String[1]]

Value(s) passed to IPQoS parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IPQoS for possible values.

Default value: undef

kbd_interactive_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to KbdInteractiveAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KbdInteractiveAuthentication for possible values.

Default value: undef

kbd_interactive_devices

Data type: Optional[Array[String[1]]]

Value(s) passed to KbdInteractiveDevices parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KbdInteractiveDevices for possible values.

Default value: undef

kex_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to KexAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KexAlgorithms for possible values.

Default value: undef

kown_hosts_command

Data type: Optional[String[1]]

Value(s) passed to KnownHostsCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KnownHostsCommand for possible values.

Default value: undef

local_command

Data type: Optional[String[1]]

Value(s) passed to LocalCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LocalCommand for possible values.

Default value: undef

local_forward

Data type: Optional[String[1]]

Value(s) passed to LocalForward parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LocalForward for possible values.

Default value: undef

log_level

Data type: Optional[Ssh::Log_level]

Value(s) passed to LogLevel parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LogLevel for possible values.

Default value: undef

log_verbose

Data type: Optional[String[1]]

Value(s) passed to LogVerbose parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LogVerbose for possible values.

Default value: undef

macs

Data type: Optional[Array[String[1]]]

Value(s) passed to MACs parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#MACs for possible values.

Default value: undef

no_host_authentication_for_localhost

Data type: Optional[Ssh::Yes_no]

Value(s) passed to NoHostAuthenticationForLocalhost parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#NoHostAuthenticationForLocalhost for possible values.

Default value: undef

number_of_password_prompts

Data type: Optional[Integer]

Value(s) passed to NumberOfPasswordPrompts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#NumberOfPasswordPrompts for possible values.

Default value: undef

password_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PasswordAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PasswordAuthentication for possible values.

Default value: undef

permit_local_command

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PermitLocalCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PermitLocalCommand for possible values.

Default value: undef

permit_remote_open

Data type: Optional[Array[String[1]]]

Value(s) passed to PermitRemoteOpen parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PermitRemoteOpen for possible values.

Default value: undef

pkcs11_provider

Data type: Optional[String[1]]

Value(s) passed to PKCS11Provider parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PKCS11Provider for possible values.

Default value: undef

port

Data type: Optional[Stdlib::Port]

Value(s) passed to Port parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Port for possible values.

Default value: undef

preferred_authentications

Data type: Optional[Array[String[1]]]

Value(s) passed to PreferredAuthentications parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PreferredAuthentications for possible values.

Default value: undef

proxy_command

Data type: Optional[String[1]]

Value(s) passed to ProxyCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ProxyCommand for possible values.

Default value: undef

proxy_jump

Data type: Optional[Array[String[1]]]

Value(s) passed to ProxyJump parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ProxyJump for possible values.

Default value: undef

proxy_use_fdpass

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ProxyUseFdpass parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ProxyUseFdpass for possible values.

Default value: undef

pubkey_accepted_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to PubkeyAcceptedAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PubkeyAcceptedAlgorithms for possible values.

Default value: undef

pubkey_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PubkeyAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PubkeyAuthentication for possible values.

Default value: undef

rekey_limit

Data type: Optional[String[1]]

Value(s) passed to RekeyLimit parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RekeyLimit for possible values.

Default value: undef

remote_command

Data type: Optional[String[1]]

Value(s) passed to RemoteCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RemoteCommand for possible values.

Default value: undef

remote_forward

Data type: Optional[String[1]]

Value(s) passed to RemoteForward parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RemoteForward for possible values.

Default value: undef

request_tty

Data type: Optional[Enum['no', 'yes', 'force', 'auto']]

Value(s) passed to RequestTTY parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RequestTTY for possible values.

Default value: undef

revoked_host_keys

Data type: Optional[String[1]]

Value(s) passed to RevokedHostKeys parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RevokedHostKeys for possible values.

Default value: undef

security_key_provider

Data type: Optional[String[1]]

Value(s) passed to SecurityKeyProvider parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SecurityKeyProvider for possible values.

Default value: undef

send_env

Data type: Optional[Array[String[1]]]

Value(s) passed to SendEnv parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SendEnv for possible values.

Default value: undef

server_alive_count_max

Data type: Variant[Undef, String[1], Integer[0]]

Value(s) passed to ServerAliveCountMax parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ServerAliveCountMax for possible values.

Default value: undef

server_alive_interval

Data type: Variant[Undef, String[1], Integer[0]]

Value(s) passed to ServerAliveInterval parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ServerAliveInterval for possible values.

Default value: undef

session_type

Data type: Optional[Enum['default', 'none', 'subsystem']]

Value(s) passed to SessionType parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SessionType for possible values.

Default value: undef

set_env

Data type: Optional[Array[String[1]]]

Value(s) passed to SetEnv parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SetEnv for possible values.

Default value: undef

stdin_null

Data type: Optional[Ssh::Yes_no]

Value(s) passed to StdinNull parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StdinNull for possible values.

Default value: undef

stream_local_bind_mask

Data type: Optional[Pattern[/^[0-7]{4}$/]]

Value(s) passed to StreamLocalBindMask parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StreamLocalBindMask for possible values.

Default value: undef

stream_local_bind_unlink

Data type: Optional[Ssh::Yes_no]

Value(s) passed to StreamLocalBindUnlink parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StreamLocalBindUnlink for possible values.

Default value: undef

strict_host_key_checking

Data type: Optional[Enum['yes', 'no', 'accept-new', 'off', 'ask']]

Value(s) passed to StrictHostKeyChecking parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StrictHostKeyChecking for possible values.

Default value: undef

syslog_facility

Data type: Optional[Ssh::Syslog_facility]

Value(s) passed to SyslogFacility parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SyslogFacility for possible values.

Default value: undef

tcp_keep_alive

Data type: Optional[Ssh::Yes_no]

Value(s) passed to TCPKeepAlive parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#TCPKeepAlive for possible values.

Default value: undef

tunnel

Data type: Optional[Enum['yes', 'no', 'point-to-point', 'ethernet']]

Value(s) passed to Tunnel parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Tunnel for possible values.

Default value: undef

tunnel_device

Data type: Optional[String[1]]

Value(s) passed to TunnelDevice parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#TunnelDevice for possible values.

Default value: undef

update_host_keys

Data type: Optional[Enum['yes', 'no', 'ask']]

Value(s) passed to UpdateHostKeys parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#UpdateHostKeys for possible values.

Default value: undef

user

Data type: Optional[String[1]]

Value(s) passed to User parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#User for possible values.

Default value: undef

user_known_hosts_file

Data type: Optional[Array[String[1]]]

Value(s) passed to UserKnownHostsFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#UserKnownHostsFile for possible values.

Default value: undef

use_roaming

Data type: Optional[Ssh::Yes_no]

Value(s) passed to the UseRoaming parameter in ssh_config. Unused if empty.

Default value: undef

verify_host_key_dns

Data type: Optional[Enum['yes', 'no', 'ask']]

Value(s) passed to VerifyHostKeyDNS parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#VerifyHostKeyDNS for possible values.

Default value: undef

visual_host_key

Data type: Optional[Ssh::Yes_no]

Value(s) passed to VisualHostKey parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#VisualHostKey for possible values.

Default value: undef

xauth_location

Data type: Optional[String[1]]

Value(s) passed to XAuthLocation parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#XAuthLocation for possible values.

Default value: undef

custom

Data type: Optional[Array[String[1]]]

Array of custom lines to be added to client configuration file ssh_config. Uses one array item per line to be added.

Default value: undef
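
An added example (not from the module's own documentation) of declaring the ssh class with a few of the client parameters above and a per-host block supplied through custom, as the note at the top of this class describes. The host name, user and key path are constructed placeholders; it assumes that custom lines are written after the managed options and that Ssh::Yes_no accepts 'no'.

```puppet
# Added example, not part of the module's documentation.
class { 'ssh':
  # Refuse unknown or changed host keys instead of prompting.
  strict_host_key_checking => 'yes',
  # Show SHA-256 fingerprints rather than MD5.
  fingerprint_hash         => 'sha256',
  # Ask before accepting additional host keys announced by a server.
  update_host_keys         => 'ask',
  # Assumption: Ssh::Yes_no accepts 'no'.
  forward_agent            => 'no',
  # Restrict negotiation to a short list of modern algorithms.
  kex_algorithms           => ['curve25519-sha256', 'curve25519-sha256@libssh.org'],
  ciphers                  => ['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com'],
  macs                     => ['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com'],
  # Host blocks have no dedicated parameter: one array item per output line.
  # bastion.example.com, deploy and the key path are constructed placeholders.
  custom                   => [
    'Host bastion.example.com',
    '  User deploy',
    '  IdentityFile ~/.ssh/id_ed25519_bastion',
    '  IdentitiesOnly yes',
  ],
}
```

ssh_config uses the first value obtained for each keyword, so the Host block here sets only keywords that the class parameters above leave unset.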

ssh::server

Notes: Match attribute is not directly supported as multiple match blocks can exist. Use the custom parameter for that.

Parameters

The following parameters are available in the ssh::server class:

banner_content

Data type: Optional[String[1]]

Content of SSHd banner file.

Default value: undef

banner_group

Data type: String[1]

User group used for SSHd banner file.

Default value: 'root'

banner_mode

Data type: Stdlib::Filemode

File mode used for SSHd banner file.

Default value: '0644'

banner_owner

Data type: String[1]

User/Owner used for SSHd banner file.

Default value: 'root'

banner_path

Data type: Stdlib::Absolutepath

Absolute path to SSHd banner file.

Default value: '/etc/sshd_banner'

config_group

Data type: String[1]

User group used for sshd_config file.

Default value: 'root'

config_mode

Data type: Stdlib::Filemode

File mode used for sshd_config file.

Default value: '0600'

config_owner

Data type: String[1]

User/Owner used for sshd_config file.

Default value: 'root'

config_path

Data type: Stdlib::Absolutepath

Absolute path to sshd_config file.

Default value: '/etc/ssh/sshd_config'

manage_service

Data type: Boolean

Boolean to choose if the SSH daemon should be managed.

Default value: true

manage_packages

Data type: Boolean

Boolean to choose if SSH client packages should be managed.

Default value: true

packages

Data type: Array[String[1]]

Installation package(s) for the SSH server. Leave empty if the client package(s) also include the server binaries (e.g. SUSE SLES and SLED).

Default value: []

packages_ensure

Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]

Ensure parameter to SSH server package(s).

Default value: 'installed'

packages_adminfile

Data type: Optional[Stdlib::Absolutepath]

Path to adminfile for SSH server package(s) installation. Needed for Solaris.

Default value: undef

packages_source

Data type: Optional[Stdlib::Absolutepath]

Source to SSH server package(s). Needed for Solaris.

Default value: undef

service_enable

Data type: Boolean

enable attribute for SSH daemon.

Default value: true

service_ensure

Data type: Stdlib::Ensure::Service

ensure attribute for SSH daemon.

Default value: 'running'

service_hasrestart

Data type: Boolean

hasrestart attribute for SSH daemon.

Default value: true

service_hasstatus

Data type: Boolean

hasstatus attribute for SSH daemon.

Default value: true

config_files

Data type: Hash

Hash of configuration entries passed to ssh::config_file_server define. Please check the docs for ssh::config_file_client and the type Ssh::Sshd_Config for a list and details of the parameters usable here.

Default value: {}

service_name

Data type: String[1]

Name of the SSH daemon.

Default value: 'sshd'

accept_env

Data type: Optional[Array[String[1]]]

Value(s) passed to AcceptEnv parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AcceptEnv for possible values.

Default value: undef

address_family

Data type: Optional[Enum['any', 'inet', 'inet6']]

Value(s) passed to AddressFamily parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AddressFamily for possible values.

Default value: undef

allow_agent_forwarding

Data type: Optional[Ssh::Yes_no]

Value(s) passed to AllowAgentForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowAgentForwarding for possible values.

Default value: undef

allow_groups

Data type: Optional[Array[String[1]]]

Value(s) passed to AllowGroups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowGroups for possible values.

Default value: undef

allow_stream_local_forwarding

Data type: Optional[Enum['yes', 'all', 'no', 'local', 'remote']]

Value(s) passed to AllowStreamLocalForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowStreamLocalForwarding for possible values.

Default value: undef

allow_tcp_forwarding

Data type: Optional[Enum['yes', 'no', 'local', 'remote']]

Value(s) passed to AllowTcpForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowTcpForwarding for possible values.

Default value: undef

allow_users

Data type: Optional[Array[String[1]]]

Value(s) passed to AllowUsers parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowUsers for possible values.

Default value: undef

authentication_methods

Data type: Optional[Array[String[1]]]

Value(s) passed to AuthenticationMethods parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthenticationMethods for possible values.

Default value: undef

authorized_keys_command

Data type: Optional[String[1]]

Value(s) passed to AuthorizedKeysCommand parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedKeysCommand for possible values.

Default value: undef

authorized_keys_command_user

Data type: Optional[String[1]]

Value(s) passed to AuthorizedKeysCommandUser parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedKeysCommandUser for possible values.

Default value: undef

authorized_keys_file

Data type: Optional[Array[String[1]]]

Value(s) passed to AuthorizedKeysFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedKeysFile for possible values.

Default value: undef

authorized_principals_command

Data type: Optional[String[1]]

Value(s) passed to AuthorizedPrincipalsCommand parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedPrincipalsCommand for possible values.

Default value: undef

authorized_principals_command_user

Data type: Optional[String[1]]

Value(s) passed to AuthorizedPrincipalsCommandUser parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedPrincipalsCommandUser for possible values.

Default value: undef

authorized_principals_file

Data type: Optional[String[1]]

Value(s) passed to AuthorizedPrincipalsFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedPrincipalsFile for possible values.

Default value: undef

banner

Data type: Optional[String[1]]

Value(s) passed to Banner parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Banner for possible values.

Default value: undef

ca_signature_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to CASignatureAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#CASignatureAlgorithms for possible values.

Default value: undef

challenge_response_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ChallengeResponseAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KbdInteractiveAuthentication for possible values.

Default value: undef

chroot_directory

Data type: Optional[String[1]]

Value(s) passed to ChrootDirectory parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ChrootDirectory for possible values.

Default value: undef

ciphers

Data type: Optional[Array[String[1]]]

Value(s) passed to Ciphers parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Ciphers for possible values.

Default value: undef

client_alive_count_max

Data type: Optional[Integer[0]]

Value(s) passed to ClientAliveCountMax parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ClientAliveCountMax for possible values.

Default value: undef

client_alive_interval

Data type: Optional[Integer[0]]

Value(s) passed to ClientAliveInterval parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ClientAliveInterval for possible values.

Default value: undef

compression

Data type: Optional[Enum['yes', 'delayed', 'no']]

Value(s) passed to Compression parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Compression for possible values.

Default value: undef

deny_groups

Data type: Optional[Array[String[1]]]

Value(s) passed to DenyGroups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#DenyGroups for possible values.

Default value: undef

deny_users

Data type: Optional[Array[String[1]]]

Value(s) passed to DenyUsers parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#DenyUsers for possible values.

Default value: undef

disable_forwarding

Data type: Optional[Ssh::Yes_no]

Value(s) passed to DisableForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#DisableForwarding for possible values.

Default value: undef

expose_auth_info

Data type: Optional[Ssh::Yes_no]

Value(s) passed to ExposeAuthInfo parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ExposeAuthInfo for possible values.

Default value: undef

fingerprint_hash

Data type: Optional[Enum['md5', 'sha256']]

Value(s) passed to FingerprintHash parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#FingerprintHash for possible values.

Default value: undef

force_command

Data type: Optional[String[1]]

Value(s) passed to ForceCommand parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ForceCommand for possible values.

Default value: undef

gateway_ports

Data type: Optional[Enum['no', 'yes', 'clientspecified']]

Value(s) passed to GatewayPorts parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GatewayPorts for possible values.

Default value: undef

gss_api_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to GSSAPIAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GSSAPIAuthentication for possible values.

Default value: undef

gss_api_cleanup_credentials

Data type: Optional[Ssh::Yes_no]

Value(s) passed to GSSAPICleanupCredentials parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GSSAPICleanupCredentials for possible values.

Default value: undef

gss_api_strict_acceptor_check

Data type: Optional[Ssh::Yes_no]

Value(s) passed to GSSAPIStrictAcceptorCheck parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GSSAPIStrictAcceptorCheck for possible values.

Default value: undef

hostbased_accepted_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to HostbasedAcceptedAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostbasedAcceptedAlgorithms for possible values.

Default value: undef

hostbased_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to HostbasedAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostbasedAuthentication for possible values.

Default value: undef

hostbased_uses_name_from_packet_only

Data type: Optional[Ssh::Yes_no]

Value(s) passed to HostbasedUsesNameFromPacketOnly parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostbasedUsesNameFromPacketOnly for possible values.

Default value: undef

host_certificate

Data type: Optional[Array[String[1]]]

Value(s) passed to HostCertificate parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostCertificate for possible values.

Default value: undef

host_key

Data type: Optional[Array[String[1]]]

Value(s) passed to HostKey parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostKey for possible values.

Default value: undef

host_key_agent

Data type: Optional[String[1]]

Value(s) passed to HostKeyAgent parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostKeyAgent for possible values.

Default value: undef

host_key_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to HostKeyAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostKeyAlgorithms for possible values.

Default value: undef

ignore_rhosts

Data type: Optional[Ssh::Yes_no]

Value(s) passed to IgnoreRhosts parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#IgnoreRhosts for possible values.

Default value: undef

ignore_user_known_hosts

Data type: Optional[Ssh::Yes_no]

Value(s) passed to IgnoreUserKnownHosts parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#IgnoreUserKnownHosts for possible values.

Default value: undef

include

Data type: Optional[Stdlib::Absolutepath]

Value(s) passed to Include parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Include for possible values.

Default value: undef

include_dir_owner

Data type: String[1]

The owner of the include directory

Default value: 'root'

include_dir_group

Data type: String[1]

The group of the include directory

Default value: 'root'

include_dir_mode

Data type: Stdlib::Filemode

The mode of the include directory

Default value: '0700'

include_dir_purge

Data type: Boolean

Sets whether to purge the include_dir of unmanaged files

Default value: true

ip_qos

Data type: Optional[String[1]]

Value(s) passed to IPQoS parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#IPQoS for possible values.

Default value: undef

kbd_interactive_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to KbdInteractiveAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KbdInteractiveAuthentication for possible values.

Default value: undef

kerberos_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to KerberosAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosAuthentication for possible values.

Default value: undef

kerberos_get_afs_token

Data type: Optional[Ssh::Yes_no]

Value(s) passed to KerberosGetAFSToken parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosGetAFSToken for possible values.

Default value: undef

kerberos_or_local_passwd

Data type: Optional[Ssh::Yes_no]

Value(s) passed to KerberosOrLocalPasswd parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosOrLocalPasswd for possible values.

Default value: undef

kerberos_ticket_cleanup

Data type: Optional[Ssh::Yes_no]

Value(s) passed to KerberosTicketCleanup parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosTicketCleanup for possible values.

Default value: undef

kex_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to KexAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KexAlgorithms for possible values.

Default value: undef

listen_address

Data type: Optional[Array[String[1]]]

Value(s) passed to ListenAddress parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ListenAddress for possible values.

Default value: undef

login_grace_time

Data type: Optional[Integer[0]]

Value(s) passed to LoginGraceTime parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#LoginGraceTime for possible values.

Default value: undef

log_level

Data type: Optional[Ssh::Log_level]

Value(s) passed to LogLevel parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#LogLevel for possible values.

Default value: undef

log_verbose

Data type: Optional[String[1]]

Value(s) passed to LogVerbose parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#LogVerbose for possible values.

Default value: undef

macs

Data type: Optional[Array[String[1]]]

Value(s) passed to MACs parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MACs for possible values.

Default value: undef

max_auth_tries

Data type: Optional[Integer[2]]

Value(s) passed to MaxAuthTries parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MaxAuthTries for possible values.

Default value: undef

max_sessions

Data type: Optional[Integer[0]]

Value(s) passed to MaxSessions parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MaxSessions for possible values.

Default value: undef

max_startups

Data type: Optional[String[1]]

Value(s) passed to MaxStartups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MaxStartups for possible values.

Default value: undef

moduli_file

Data type: Optional[Stdlib::Absolutepath]

Value(s) passed to ModuliFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ModuliFile for possible values.

Default value: undef

password_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PasswordAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PasswordAuthentication for possible values.

Default value: undef

permit_empty_passwords

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PermitEmptyPasswords parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitEmptyPasswords for possible values.

Default value: undef

permit_listen

Data type: Optional[Array[String[1]]]

Value(s) passed to PermitListen parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitListen for possible values.

Default value: undef

permit_open

Data type: Optional[Array[String[1]]]

Value(s) passed to PermitOpen parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitOpen for possible values.

Default value: undef

permit_root_login

Data type: Optional[Ssh::Permit_root_login]

Value(s) passed to PermitRootLogin parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitRootLogin for possible values.

Default value: undef

permit_tty

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PermitTTY parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitTTY for possible values.

Default value: undef

permit_tunnel

Data type: Optional[Enum['yes', 'point-to-point', 'ethernet', 'no']]

Value(s) passed to PermitTunnel parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitTunnel for possible values.

Default value: undef

permit_user_environment

Data type: Optional[String[1]]

Value(s) passed to PermitUserEnvironment parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitUserEnvironment for possible values.

Default value: undef

permit_user_rc

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PermitUserRC parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitUserRC for possible values.

Default value: undef

per_source_max_startups

Data type: Optional[String[1]]

Value(s) passed to PerSourceMaxStartups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PerSourceMaxStartups for possible values.

Default value: undef

per_source_net_block_size

Data type: Optional[String[1]]

Value(s) passed to PerSourceNetBlockSize parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PerSourceNetBlockSize for possible values.

Default value: undef

pid_file

Data type: Optional[String[1]]

Value(s) passed to PidFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PidFile for possible values.

Default value: undef

port

Data type: Optional[Array[Stdlib::Port]]

Value(s) passed to Port parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Port for possible values.

Default value: undef

print_last_log

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PrintLastLog parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PrintLastLog for possible values.

Default value: undef

print_motd

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PrintMotd parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PrintMotd for possible values.

Default value: undef

pubkey_accepted_algorithms

Data type: Optional[Array[String[1]]]

Value(s) passed to PubkeyAcceptedAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PubkeyAcceptedAlgorithms for possible values.

Default value: undef

pubkey_auth_options

Data type: Optional[Enum['none', 'touch-required', 'verify-required']]

Value(s) passed to PubkeyAuthOptions parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PubkeyAuthOptions for possible values.

Default value: undef

pubkey_authentication

Data type: Optional[Ssh::Yes_no]

Value(s) passed to PubkeyAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PubkeyAuthentication for possible values.

Default value: undef

rekey_limit

Data type: Optional[String[1]]

Value(s) passed to RekeyLimit parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#RekeyLimit for possible values.

Default value: undef

revoked_keys

Data type: Optional[String[1]]

Value(s) passed to RevokedKeys parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#RevokedKeys for possible values.

Default value: undef

rdomain

Data type: Optional[String[1]]

Value(s) passed to RDomain parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#RDomain for possible values.

Default value: undef

security_key_provider

Data type: Optional[Stdlib::Absolutepath]

Value(s) passed to SecurityKeyProvider parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#SecurityKeyProvider for possible values.

Default value: undef

set_env

Data type: Optional[Array[String[1]]]

Value(s) passed to SetEnv parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#SetEnv for possible values.

Default value: undef

stream_local_bind_mask

Data type: Optional[Pattern[/^[0-7]{4}$/]]

Value(s) passed to StreamLocalBindMask parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#StreamLocalBindMask for possible values.

Default value: undef

stream_local_bind_unlink

Data type: Optional[Ssh::Yes_no]

Value(s) passed to StreamLocalBindUnlink parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#StreamLocalBindUnlink for possible values.

Default value: undef

strict_modes

Data type: Optional[Ssh::Yes_no]

Value(s) passed to StrictModes parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#StrictModes for possible values.

Default value: undef

subsystem

Data type: Optional[String[1]]

Value(s) passed to Subsystem parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Subsystem for possible values.

Default value: undef

syslog_facility

Data type: Optional[Ssh::Syslog_facility]

Value(s) passed to SyslogFacility parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#SyslogFacility for possible values.

Default value: undef

tcp_keep_alive

Data type: Optional[Ssh::Yes_no]

Value(s) passed to TCPKeepAlive parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#TCPKeepAlive for possible values.

Default value: undef

trusted_user_ca_keys

Data type: Optional[String[1]]

Value(s) passed to TrustedUserCAKeys parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#TrustedUserCAKeys for possible values.

Default value: undef

use_dns

Data type: Optional[Ssh::Yes_no]

Value(s) passed to UseDNS parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#UseDNS for possible values.

Default value: undef

use_pam

Data type: Optional[Ssh::Yes_no]

Value(s) passed to UsePAM parameter in sshd_config. Unused if empty. Possible values are 'yes' and 'no'. This parameter is not mentioned in the current man pages of OpenSSH v7, but it is mentioned in the release notes of OpenSSH v8: https://www.openssh.com/txt/release-8.0

Default value: undef

version_addendum

Data type: Optional[String[1]]

Value(s) passed to VersionAddendum parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#VersionAddendum for possible values.

Default value: undef

x11_display_offset

Data type: Optional[Integer[0]]

Value(s) passed to X11DisplayOffset parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#X11DisplayOffset for possible values.

Default value: undef

x11_forwarding

Data type: Optional[Ssh::Yes_no]

Value(s) passed to X11Forwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#X11Forwarding for possible values.

Default value: undef

x11_use_localhost

Data type: Optional[Ssh::Yes_no]

Value(s) passed to X11UseLocalhost parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#X11UseLocalhost for possible values.

Default value: undef

xauth_location

Data type: Optional[String[1]]

Value(s) passed to XAuthLocation parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#XAuthLocation for possible values.

Default value: undef

custom

Data type: Optional[Array[String[1]]]

Array of custom lines to be added to server configuration file sshd_config. Uses one array item per line to be added.

Default value: undef
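
A hardened ssh::server declaration built only from parameters listed above, as an added example (not the module's own code). Group names, paths, timeouts and algorithm lists are constructed for illustration; it assumes every parameter left out keeps its default and that custom lines are written after the typed settings, which a Match block requires.

```puppet
# Added example: values are constructed, adjust them to your environment.
class { 'ssh::server':
  # Authentication: public keys only, no root login, no password-style methods.
  permit_root_login              => 'no',
  password_authentication        => 'no',
  kbd_interactive_authentication => 'no',
  permit_empty_passwords         => 'no',
  pubkey_authentication          => 'yes',
  authentication_methods         => ['publickey'],

  # Only members of these (hypothetical) groups may log in at all.
  allow_groups                   => ['ssh-admins', 'sftp-only'],

  # Limit guessing and unauthenticated connections held open.
  # max_auth_tries is typed Integer[2], so 2 is the lowest accepted value.
  max_auth_tries                 => 3,
  login_grace_time               => 30,

  # Drop unresponsive sessions after 2 missed probes sent 300 seconds apart.
  client_alive_interval          => 300,
  client_alive_count_max         => 2,

  # No forwarding, tunnels or user-supplied environment.
  disable_forwarding             => 'yes',
  permit_tunnel                  => 'no',
  gateway_ports                  => 'no',
  permit_user_environment        => 'no',

  # Array parameters take one algorithm name per element.
  ciphers                        => [
    'chacha20-poly1305@openssh.com',
    'aes256-gcm@openssh.com',
    'aes128-gcm@openssh.com',
  ],
  kex_algorithms                 => [
    'curve25519-sha256',
    'curve25519-sha256@libssh.org',
  ],
  macs                           => [
    'hmac-sha2-512-etm@openssh.com',
    'hmac-sha2-256-etm@openssh.com',
  ],

  # VERBOSE records the key fingerprint used for each login.
  log_level                      => 'VERBOSE',

  # Match blocks have no typed parameter, so they go in custom,
  # one array item per sshd_config line.
  custom                         => [
    'Match Group sftp-only',
    '    ChrootDirectory /srv/sftp/%u',
    '    ForceCommand internal-sftp',
  ],
}
```

After the Puppet run, `sshd -t` checks the rendered file's syntax and `sshd -T` prints the effective settings, which confirms where the custom lines landed.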

Defined types

ssh::config_entry

Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.

Parameters

The following parameters are available in the ssh::config_entry defined type:

ensure

Data type: Enum['present','absent']

ensure attribute for entry.

Default value: 'present'

group

Data type: String[1]

User group used for the generated ssh/config file.

host

Data type: String[1]

Host this generated ssh/config file is used for.

lines

Data type: Array[String]

Lines to be added to ssh/config file.

Default value: []

order

Data type: Integer[0]

Order of entries in the ssh/config file used for concatenation.

Default value: 10

owner

Data type: String[1]

User/Owner used for the generated ssh/config file.

path

Data type: Stdlib::Absolutepath

Absolute path used for the generated ssh/config file.

ssh::config_file_client

Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.

Parameters

The following parameters are available in the ssh::config_file_client defined type:

owner

Data type: String[1]

User/Owner used for the generated ssh/config file.

Default value: 'root'

group

Data type: String[1]

User group used for the generated ssh/config file.

Default value: 'root'

mode

Data type: Stdlib::Filemode

File mode used for the generated ssh/config file.

Default value: '0644'

ensure

Data type: Enum['present','absent']

ensure attribute for entry.

Default value: 'present'

lines

Data type: Ssh::Ssh_Config

Lines to be added to ssh/config file. These lines will be verified for valid directive names and values.

Default value: {}

custom

Data type: Array

Lines to be added to ssh/config file. These lines will not be verified and can be used to add future and past directives.

Default value: []

ssh::config_file_server

Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.

Parameters

The following parameters are available in the ssh::config_file_server defined type:

owner

Data type: String[1]

User/Owner used for the generated ssh/config file.

Default value: 'root'

group

Data type: String[1]

User group used for the generated ssh/config file.

Default value: 'root'

mode

Data type: Stdlib::Filemode

File mode used for the generated ssh/config file.

Default value: '0600'

ensure

Data type: Enum['present','absent']

ensure attribute for entry.

Default value: 'present'

lines

Data type: Ssh::Sshd_Config

Lines to be added to ssh/config file. These lines will be verified for valid directive names and values.

Default value: {}

custom

Data type: Array

Lines to be added to ssh/config file. These lines will not be verified and can be used to add future and past directives.

Default value: []

Data types

Ssh::Key::Type

From https://github.com/puppetlabs/puppetlabs-sshkeys_core/blob/master/lib/puppet/type/sshkey.rb v1.0.2

Alias of Enum['ssh-dss', 'ssh-ed25519', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ed25519', 'rsa', 'dsa']

Ssh::Log_level

Validates SSH log levels.

Alias of Enum['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE', 'DEBUG', 'DEBUG1', 'DEBUG2', 'DEBUG3']

Ssh::Permit_root_login

'without-password' is a deprecated alias for 'prohibit-password'

Alias of Enum['yes', 'prohibit-password', 'without-password', 'forced-commands-only', 'no']

Ssh::Ssh_Config

ssh_config configuration file parameters

Alias of

Struct[{
    Optional['Host']                             => String[1],
    Optional['Match']                            => String[1],
    Optional['AddKeysToAgent']                   => Enum['yes', 'no', 'ask', 'confirm'],
    Optional['AddressFamily']                    => Enum['any', 'inet', 'inet6'],
    Optional['BatchMode']                        => Ssh::Yes_no,
    Optional['BindAddress']                      => String[1],
    Optional['BindInterface']                    => String[1],
    Optional['CanonicalDomains']                 => String[1],
    Optional['CanonicalizeFallbackLocal']        => Ssh::Yes_no,
    Optional['CanonicalizeHostname']             => Enum['yes', 'no', 'always'],
    Optional['CanonicalizeMaxDots']              => Integer[0],
    Optional['CanonicalizePermittedCNAMEs']      => String[1],
    Optional['CASignatureAlgorithms']            => String[1],
    Optional['CertificateFile']                  => String[1],
    Optional['CheckHostIP']                      => Ssh::Yes_no,
    Optional['Ciphers']                          => String[1],
    Optional['ClearAllForwardings']              => Ssh::Yes_no,
    Optional['Compression']                      => Ssh::Yes_no,
    Optional['ConnectionAttempts']               => Integer[0],
    Optional['ConnectTimeout']                   => Integer[0],
    Optional['ControlMaster']                    => Enum['yes', 'no', 'ask', 'auto', 'autoask'],
    Optional['ControlPath']                      => String[1],
    Optional['ControlPersist']                   => String[1],
    Optional['DynamicForward']                   => String[1],
    Optional['EnableEscapeCommandline']          => Ssh::Yes_no,
    Optional['EnableSSHKeysign']                 => Ssh::Yes_no,
    Optional['EscapeChar']                       => String[1],
    Optional['ExitOnForwardFailure']             => Ssh::Yes_no,
    Optional['FingerprintHash']                  => Enum['sha256', 'md5'],
    Optional['ForkAfterAuthentication']          => Ssh::Yes_no,
    Optional['ForwardAgent']                     => Ssh::Yes_no,
    Optional['ForwardX11']                       => Ssh::Yes_no,
    Optional['ForwardX11Timeout']                => Variant[String[1], Integer[0]],
    Optional['ForwardX11Trusted']                => Ssh::Yes_no,
    Optional['GatewayPorts']                     => Ssh::Yes_no,
    Optional['GlobalKnownHostsFile']             => String[1],
    Optional['GSSAPIAuthentication']             => Ssh::Yes_no,
    Optional['GSSAPIDelegateCredentials']        => Ssh::Yes_no,
    Optional['HashKnownHosts']                   => Ssh::Yes_no,
    Optional['HostbasedAcceptedAlgorithms']      => String[1],
    Optional['HostbasedAuthentication']          => Ssh::Yes_no,
    Optional['HostKeyAlgorithms']                => String[1],
    Optional['HostKeyAlias']                     => String[1],
    Optional['Hostname']                         => String[1],
    Optional['IdentitiesOnly']                   => Ssh::Yes_no,
    Optional['IdentityAgent']                    => String[1],
    Optional['IdentityFile']                     => String[1],
    Optional['IgnoreUnknown']                    => String[1],
    Optional['Include']                          => String[1],
    Optional['IPQoS']                            => String[1],
    Optional['KbdInteractiveAuthentication']     => Ssh::Yes_no,
    Optional['KbdInteractiveDevices']            => String[1],
    Optional['KexAlgorithms']                    => String[1],
    Optional['KnownHostsCommand']                => String[1],
    Optional['LocalCommand']                     => String[1],
    Optional['LocalForward']                     => String[1],
    Optional['LogLevel']                         => Ssh::Log_level,
    Optional['LogVerbose']                       => String[1],
    Optional['MACs']                             => String[1],
    Optional['NoHostAuthenticationForLocalhost'] => Ssh::Yes_no,
    Optional['NumberOfPasswordPrompts']          => Integer[0],
    Optional['PasswordAuthentication']           => Ssh::Yes_no,
    Optional['PermitLocalCommand']               => Ssh::Yes_no,
    Optional['PermitRemoteOpen']                 => String[1],
    Optional['PKCS11Provider']                   => String[1],
    Optional['Port']                             => Stdlib::Port,
    Optional['PreferredAuthentications']         => String[1],
    Optional['ProxyCommand']                     => String[1],
    Optional['ProxyJump']                        => String[1],
    Optional['ProxyUseFdpass']                   => Ssh::Yes_no,
    Optional['PubkeyAcceptedAlgorithms']         => String[1],
    Optional['PubkeyAuthentication']             => Ssh::Yes_no,
    Optional['RekeyLimit']                       => String[1],
    Optional['RemoteCommand']                    => String[1],
    Optional['RemoteForward']                    => String[1],
    Optional['RequestTTY']                       => Enum['no', 'yes', 'force', 'auto'],
    Optional['RequiredRSASize']                  => Integer[0],
    Optional['RevokedHostKeys']                  => String[1],
    Optional['SecurityKeyProvider']              => String[1],
    Optional['SendEnv']                          => String[1],
    Optional['ServerAliveCountMax']              => Variant[String[1], Integer[0]],
    Optional['ServerAliveInterval']              => Variant[String[1], Integer[0]],
    Optional['SessionType']                      => Enum['default', 'none', 'subsystem'],
    Optional['SetEnv']                           => String[1],
    Optional['StdinNull']                        => Ssh::Yes_no,
    Optional['StreamLocalBindMask']              => Stdlib::Filemode,
    Optional['StreamLocalBindUnlink']            => Ssh::Yes_no,
    Optional['StrictHostKeyChecking']            => Enum['yes', 'no', 'accept-new', 'off', 'ask'],
    Optional['SyslogFacility']                   => Ssh::Syslog_facility,
    Optional['TCPKeepAlive']                     => Ssh::Yes_no,
    Optional['Tunnel']                           => Enum['yes', 'no', 'point-to-point', 'ethernet'],
    Optional['TunnelDevice']                     => String[1],
    Optional['UpdateHostKeys']                   => Ssh::Yes_no,
    Optional['User']                             => String[1],
    Optional['UserKnownHostsFile']               => String[1],
    Optional['VerifyHostKeyDNS']                 => Enum['yes', 'no', 'ask'],
    Optional['VisualHostKey']                    => Ssh::Yes_no,
    Optional['XAuthLocation']                    => String[1],
    Optional['custom']                           => Array,
  }]

Ssh::Sshd_Config

sshd_config configuration file parameters

Alias of

Struct[{
    Optional['AcceptEnv']                       => String[1],
    Optional['AddressFamily']                   => Enum['any', 'inet', 'inet6'],
    Optional['AllowAgentForwarding']            => Ssh::Yes_no,
    Optional['AllowGroups']                     => String[1],
    Optional['AllowStreamLocalForwarding']      => Enum['yes', 'all', 'no', 'local', 'remote'],
    Optional['AllowTcpForwarding']              => Enum['yes', 'no', 'local', 'remote'],
    Optional['AllowUsers']                      => String[1],
    Optional['AuthenticationMethods']           => String[1],
    Optional['AuthorizedKeysCommand']           => String[1],
    Optional['AuthorizedKeysCommandUser']       => String[1],
    Optional['AuthorizedKeysFile']              => String[1],
    Optional['AuthorizedPrincipalsCommand']     => String[1],
    Optional['AuthorizedPrincipalsCommandUser'] => String[1],
    Optional['AuthorizedPrincipalsFile']        => String[1],
    Optional['Banner']                          => String[1],
    Optional['CASignatureAlgorithms']           => String[1],
    Optional['ChallengeResponseAuthentication'] => Ssh::Yes_no,
    Optional['ChannelTimeout']                  => String[1],
    Optional['ChrootDirectory']                 => String[1],
    Optional['Ciphers']                         => String[1],
    Optional['ClientAliveCountMax']             => Integer[0],
    Optional['ClientAliveInterval']             => Integer[0],
    Optional['Compression']                     => Enum['yes', 'delayed', 'no'],
    Optional['DenyGroups']                      => String[1],
    Optional['DenyUsers']                       => String[1],
    Optional['DisableForwarding']               => Ssh::Yes_no,
    Optional['ExposeAuthInfo']                  => Ssh::Yes_no,
    Optional['FingerprintHash']                 => Enum['md5', 'sha256'],
    Optional['ForceCommand']                    => String[1],
    Optional['GatewayPorts']                    => Enum['no', 'yes', 'clientspecified'],
    Optional['GSSAPIAuthentication']            => Ssh::Yes_no,
    Optional['GSSAPICleanupCredentials']        => Ssh::Yes_no,
    Optional['GSSAPIStrictAcceptorCheck']       => Ssh::Yes_no,
    Optional['HostbasedAcceptedAlgorithms']     => String[1],
    Optional['HostbasedAuthentication']         => Ssh::Yes_no,
    Optional['HostbasedUsesNameFromPacketOnly'] => Ssh::Yes_no,
    Optional['HostCertificate']                 => String[1],
    Optional['HostKey']                         => String[1],
    Optional['HostKeyAgent']                    => String[1],
    Optional['HostKeyAlgorithms']               => String[1],
    Optional['IgnoreRhosts']                    => Ssh::Yes_no,
    Optional['IgnoreUserKnownHosts']            => Ssh::Yes_no,
    Optional['Include']                         => String[1],
    Optional['IPQoS']                           => String[1],
    Optional['KbdInteractiveAuthentication']    => Ssh::Yes_no,
    Optional['KerberosAuthentication']          => Ssh::Yes_no,
    Optional['KerberosGetAFSToken']             => Ssh::Yes_no,
    Optional['KerberosOrLocalPasswd']           => Ssh::Yes_no,
    Optional['KerberosTicketCleanup']           => Ssh::Yes_no,
    Optional['KexAlgorithms']                   => String[1],
    Optional['ListenAddress']                   => String[1],
    Optional['LoginGraceTime']                  => Integer[0],
    Optional['LogLevel']                        => Ssh::Log_level,
    Optional['LogVerbose']                      => String[1],
    Optional['MACs']                            => String[1],
    Optional['Match']                           => String[1],
    Optional['MaxAuthTries']                    => Integer[2],
    Optional['MaxSessions']                     => Integer[0],
    Optional['MaxStartups']                     => String[1],
    Optional['ModuliFile']                      => Stdlib::Absolutepath,
    Optional['PasswordAuthentication']          => Ssh::Yes_no,
    Optional['PermitEmptyPasswords']            => Ssh::Yes_no,
    Optional['PermitListen']                    => String[1],
    Optional['PermitOpen']                      => String[1],
    Optional['PermitRootLogin']                 => Ssh::Permit_root_login,
    Optional['PermitTTY']                       => Ssh::Yes_no,
    Optional['PermitTunnel']                    => Enum['yes', 'point-to-point', 'ethernet', 'no'],
    Optional['PermitUserEnvironment']           => String[1],
    Optional['PermitUserRC']                    => Ssh::Yes_no,
    Optional['PerSourceMaxStartups']            => String[1],
    Optional['PerSourceNetBlockSize']           => String[1],
    Optional['PidFile']                         => String[1],
    Optional['Port']                            => Stdlib::Port,
    Optional['PrintLastLog']                    => Ssh::Yes_no,
    Optional['PrintMotd']                       => Ssh::Yes_no,
    Optional['PubkeyAcceptedAlgorithms']        => String[1],
    Optional['PubkeyAuthOptions']               => Enum['none', 'touch-required', 'verify-required'],
    Optional['PubkeyAuthentication']            => Ssh::Yes_no,
    Optional['RekeyLimit']                      => String[1],
    Optional['RequiredRSASize']                 => Integer[0],
    Optional['RevokedKeys']                     => String[1],
    Optional['RDomain']                         => String[1],
    Optional['SecurityKeyProvider']             => Stdlib::Absolutepath,
    Optional['SetEnv']                          => String[1],
    Optional['StreamLocalBindMask']             => Stdlib::Filemode,
    Optional['StreamLocalBindUnlink']           => Ssh::Yes_no,
    Optional['StrictModes']                     => Ssh::Yes_no,
    Optional['Subsystem']                       => String[1],
    Optional['SyslogFacility']                  => Ssh::Syslog_facility,
    Optional['TCPKeepAlive']                    => Ssh::Yes_no,
    Optional['TrustedUserCAKeys']               => String[1],
    Optional['UseDNS']                          => Ssh::Yes_no,
    Optional['UsePAM']                          => Ssh::Yes_no,
    Optional['VersionAddendum']                 => String[1],
    Optional['X11DisplayOffset']                => Integer[0],
    Optional['X11Forwarding']                   => Ssh::Yes_no,
    Optional['X11UseLocalhost']                 => Ssh::Yes_no,
    Optional['XAuthLocation']                   => String[1],
    Optional['custom']                          => Array,
  }]

Ssh::Syslog_facility

Validates the syslog facilities used by SSH.

Alias of Enum['DAEMON', 'USER', 'AUTH', 'LOCAL0', 'LOCAL1', 'LOCAL2', 'LOCAL3', 'LOCAL4', 'LOCAL5', 'LOCAL6', 'LOCAL7', 'AUTHPRIV']

Ssh::Yes_no

Validates SSH configuration options that take a yes/no value.

Alias of Enum['yes', 'no']