ssh
: Class to manage SSH client
ssh::server
: Class to manage SSH server
ssh::config_entry
: Create config entries in a user's ~/.ssh/config
ssh::config_file_client
: Create config files to be used
ssh::config_file_server
: Create config files to be used
Ssh::Key::Type
: validate SSH key types
Ssh::Log_level
: validate SSH log levels
Ssh::Permit_root_login
: validate configuration options for permit_root_login
Ssh::Ssh_Config
: ssh_config configuration file parameters
Ssh::Sshd_Config
: sshd_config configuration file parameters
Ssh::Syslog_facility
: validate syslog facilities used by SSH
Ssh::Yes_no
: validate SSH configuration that uses yes/no.
Notes: Match and Host attributes are not directly supported as multiple match/host blocks can exist. Use the custom parameter for that.
The following parameters are available in the ssh class:
config_entries
config_group
config_mode
config_owner
config_path
global_known_hosts_group
global_known_hosts_mode
global_known_hosts_owner
global_known_hosts_path
keys
manage_global_known_hosts
manage_root_ssh_config
manage_server
manage_sshkey
manage_packages
packages
packages_ensure
packages_adminfile
packages_source
purge_keys
root_ssh_config_content
config_files
host
add_keys_to_agent
address_family
batch_mode
bind_address
bind_interface
canonical_domains
canonicalize_fallback_local
canonicalize_hostname
canonicalize_max_dots
canonicalize_permitted_cnames
ca_signature_algorithms
certificate_file
check_host_ip
ciphers
clear_all_forwardings
compression
connection_attempts
connect_timeout
control_master
control_path
control_persist
dynamic_forward
enable_ssh_keysign
escape_char
exit_on_forward_failure
fingerprint_hash
fork_after_authentication
forward_agent
forward_x11
forward_x11_timeout
forward_x11_trusted
gateway_ports
global_known_hosts_file
gss_api_authentication
gss_api_delegate_credentials
hash_known_hosts
hostbased_accepted_algorithms
hostbased_authentication
host_key_algorithms
host_key_alias
hostname
identities_only
identity_agent
identity_file
ignore_unknown
include
include_dir_owner
include_dir_group
include_dir_mode
include_dir_purge
ip_qos
kbd_interactive_authentication
kbd_interactive_devices
kex_algorithms
kown_hosts_command
local_command
local_forward
log_level
log_verbose
macs
no_host_authentication_for_localhost
number_of_password_prompts
password_authentication
permit_local_command
permit_remote_open
pkcs11_provider
port
preferred_authentications
proxy_command
proxy_jump
proxy_use_fdpass
pubkey_accepted_algorithms
pubkey_authentication
rekey_limit
remote_command
remote_forward
request_tty
revoked_host_keys
security_key_provider
send_env
server_alive_count_max
server_alive_interval
session_type
set_env
stdin_null
stream_local_bind_mask
stream_local_bind_unlink
strict_host_key_checking
syslog_facility
tcp_keep_alive
tunnel
tunnel_device
update_host_keys
user
user_known_hosts_file
use_roaming
verify_host_key_dns
visual_host_key
xauth_location
custom
Data type: Hash
Hash of configuration entries passed to ssh::config_entries define. Please check the docs for ssh::config_entries for a list and details of the parameters usable here.
Default value: {}
Data type: String[1]
User group used for ssh_config file.
Default value: 'root'
Data type: Stdlib::Filemode
File mode used for ssh_config file.
Default value: '0644'
Data type: String[1]
User/Owner used for ssh_config file.
Default value: 'root'
Data type: Stdlib::Absolutepath
Absolute path to ssh_config file.
Default value: '/etc/ssh/ssh_config'
Data type: String[1]
User group used for the global known_hosts file.
Default value: 'root'
Data type: Stdlib::Filemode
File mode used for the global known_hosts file.
Default value: '0644'
Data type: String[1]
User/Owner used for the global known_hosts file.
Default value: 'root'
Data type: Stdlib::Absolutepath
Absolute path to the global known_hosts file.
Default value: '/etc/ssh/ssh_known_hosts'
Data type: Hash
Hash of keys to be added to ~/.ssh/authorized_keys for users.
Default value: {}
Data type: Boolean
Boolean to choose if the global known_hosts file should be managed.
Default value: true
Data type: Boolean
Boolean to choose if the ssh_config file of root should be managed.
Default value: false
Data type: Boolean
Boolean to choose if the SSH daemon and its configuration should be managed.
Default value: true
Data type: Boolean
Boolean to choose if SSH keys should be managed. Also see $purge_keys.
Default value: true
Data type: Boolean
Boolean to choose if SSH client packages should be managed.
Default value: true
Data type: Array[String[1]]
Installation package(s) for the SSH client.
Default value: []
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure parameter to SSH client package(s).
Default value: 'installed'
Data type: Optional[Stdlib::Absolutepath]
Path to adminfile for SSH client package(s) installation. Needed for Solaris.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Source to SSH client package(s). Needed for Solaris.
Default value: undef
Data type: Boolean
Whether SSH keys not managed by Puppet should be removed. Also see $manage_sshkey.
Default value: true
Data type: String[1]
Content of the ssh_config file of root.
Default value: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
Data type: Hash
Hash of configuration entries passed to ssh::config_file_client define. Please check the docs for ssh::config_file_client and the type Ssh::Ssh_Config for a list and details of the parameters usable here.
Default value: {}
Data type: Optional[String[1]]
Value(s) passed to Host parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Host for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'ask', 'confirm']]
Value(s) passed to AddKeysToAgent parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#AddKeysToAgent for possible values.
Default value: undef
Data type: Optional[Enum['any', 'inet', 'inet6']]
Value(s) passed to AddressFamily parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#AddressFamily for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to BatchMode parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#BatchMode for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to BindAddress parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#BindAddress for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to BindInterface parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#BindInterface for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to CanonicalDomains parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalDomains for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to CanonicalizeFallbackLocal parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizeFallbackLocal for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'always']]
Value(s) passed to CanonicalizeHostname parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizeHostname for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to CanonicalizeMaxDots parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizeMaxDots for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to CanonicalizePermittedCNAMEs parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CanonicalizePermittedCNAMEs for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to CASignatureAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CASignatureAlgorithms for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to CertificateFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CertificateFile for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to CheckHostIP parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#CheckHostIP for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to Ciphers parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Ciphers for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ClearAllForwardings parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ClearAllForwardings for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to Compression parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Compression for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to ConnectionAttempts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ConnectionAttempts for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to ConnectTimeout parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ConnectTimeout for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'ask', 'auto', 'autoask']]
Value(s) passed to ControlMaster parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ControlMaster for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to ControlPath parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ControlPath for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to ControlPersist parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ControlPersist for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to DynamicForward parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#DynamicForward for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to EnableSSHKeysign parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#EnableSSHKeysign for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to EscapeChar parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#EscapeChar for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ExitOnForwardFailure parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ExitOnForwardFailure for possible values.
Default value: undef
Data type: Optional[Enum['sha256', 'md5']]
Value(s) passed to FingerprintHash parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#FingerprintHash for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ForkAfterAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForkAfterAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ForwardAgent parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardAgent for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ForwardX11 parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardX11 for possible values.
Default value: undef
Data type: Variant[Undef, String[1], Integer[0]]
Value(s) passed to ForwardX11Timeout parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardX11Timeout for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ForwardX11Trusted parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ForwardX11Trusted for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to GatewayPorts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GatewayPorts for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to GlobalKnownHostsFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GlobalKnownHostsFile for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to GSSAPIAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GSSAPIAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to GSSAPIDelegateCredentials parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#GSSAPIDelegateCredentials for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to HashKnownHosts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HashKnownHosts for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to HostbasedAcceptedAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostbasedAcceptedAlgorithms for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to HostbasedAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostbasedAuthentication for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to HostKeyAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostKeyAlgorithms for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to HostKeyAlias parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#HostKeyAlias for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to Hostname parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Hostname for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to IdentitiesOnly parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IdentitiesOnly for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to IdentityAgent parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IdentityAgent for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to IdentityFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IdentityFile for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to IgnoreUnknown parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IgnoreUnknown for possible values.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Value(s) passed to Include parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Include for possible values.
Default value: undef
Data type: String[1]
The owner of the include directory
Default value: 'root'
Data type: String[1]
The group of the include directory
Default value: 'root'
Data type: Stdlib::Filemode
The mode of the include directory
Default value: '0755'
Data type: Boolean
Sets whether to purge the include_dir of unmanaged files
Default value: true
Data type: Optional[String[1]]
Value(s) passed to IPQoS parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#IPQoS for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to KbdInteractiveAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KbdInteractiveAuthentication for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to KbdInteractiveDevices parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KbdInteractiveDevices for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to KexAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KexAlgorithms for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to KnownHostsCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#KnownHostsCommand for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to LocalCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LocalCommand for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to LocalForward parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LocalForward for possible values.
Default value: undef
Data type: Optional[Ssh::Log_level]
Value(s) passed to LogLevel parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LogLevel for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to LogVerbose parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#LogVerbose for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to MACs parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#MACs for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to NoHostAuthenticationForLocalhost parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#NoHostAuthenticationForLocalhost for possible values.
Default value: undef
Data type: Optional[Integer]
Value(s) passed to NumberOfPasswordPrompts parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#NumberOfPasswordPrompts for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PasswordAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PasswordAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PermitLocalCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PermitLocalCommand for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to PermitRemoteOpen parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PermitRemoteOpen for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to PKCS11Provider parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PKCS11Provider for possible values.
Default value: undef
Data type: Optional[Stdlib::Port]
Value(s) passed to Port parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Port for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to PreferredAuthentications parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PreferredAuthentications for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to ProxyCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ProxyCommand for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to ProxyJump parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ProxyJump for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ProxyUseFdpass parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ProxyUseFdpass for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to PubkeyAcceptedAlgorithms parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PubkeyAcceptedAlgorithms for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PubkeyAuthentication parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#PubkeyAuthentication for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RekeyLimit parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RekeyLimit for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RemoteCommand parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RemoteCommand for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RemoteForward parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RemoteForward for possible values.
Default value: undef
Data type: Optional[Enum['no', 'yes', 'force', 'auto']]
Value(s) passed to RequestTTY parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RequestTTY for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RevokedHostKeys parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#RevokedHostKeys for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to SecurityKeyProvider parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SecurityKeyProvider for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to SendEnv parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SendEnv for possible values.
Default value: undef
Data type: Variant[Undef, String[1], Integer[0]]
Value(s) passed to ServerAliveCountMax parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ServerAliveCountMax for possible values.
Default value: undef
Data type: Variant[Undef, String[1], Integer[0]]
Value(s) passed to ServerAliveInterval parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#ServerAliveInterval for possible values.
Default value: undef
Data type: Optional[Enum['default', 'none', 'subsystem']]
Value(s) passed to SessionType parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SessionType for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to SetEnv parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SetEnv for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to StdinNull parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StdinNull for possible values.
Default value: undef
Data type: Optional[Pattern[/^[0-7]{4}$/]]
Value(s) passed to StreamLocalBindMask parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StreamLocalBindMask for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to StreamLocalBindUnlink parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StreamLocalBindUnlink for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'accept-new', 'off', 'ask']]
Value(s) passed to StrictHostKeyChecking parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#StrictHostKeyChecking for possible values.
Default value: undef
Data type: Optional[Ssh::Syslog_facility]
Value(s) passed to SyslogFacility parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#SyslogFacility for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to TCPKeepAlive parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#TCPKeepAlive for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'point-to-point', 'ethernet']]
Value(s) passed to Tunnel parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#Tunnel for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to TunnelDevice parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#TunnelDevice for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'ask']]
Value(s) passed to UpdateHostKeys parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#UpdateHostKeys for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to User parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#User for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to UserKnownHostsFile parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#UserKnownHostsFile for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to the UseRoaming parameter in ssh_config. Unused if empty.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'ask']]
Value(s) passed to VerifyHostKeyDNS parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#VerifyHostKeyDNS for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to VisualHostKey parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#VisualHostKey for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to XAuthLocation parameter in ssh_config. Unused if empty. Check https://man.openbsd.org/ssh_config#XAuthLocation for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Array of custom lines to be added to client configuration file ssh_config. Uses one array item per line to be added.
Default value: undef
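An added example, not taken from the module's documentation, of declaring the ssh class with typed parameters for conservative client defaults and using custom for a Host block, as the note on Match and Host describes. The host names, user name and key path are constructed placeholders.

```puppet
# Added example: constructed values, not the module's own code.
class { 'ssh':
  # Typed parameters: validated by the data types listed above
  # (Ssh::Yes_no, Enum[...]) before anything is written to ssh_config.
  host                     => '*',
  hash_known_hosts         => 'yes',
  strict_host_key_checking => 'yes',
  identities_only          => 'yes',
  forward_agent            => 'no',
  forward_x11              => 'no',

  # Host blocks are not modelled as parameters, so they go in verbatim,
  # one array item per line. These lines bypass the type validation,
  # so keyword spelling and values must be reviewed by hand.
  custom                   => [
    'Host *.internal.example.com',             # placeholder domain
    '  ProxyJump bastion.example.com',         # placeholder bastion
    '  User deploy',                           # placeholder account
    '  IdentityFile ~/.ssh/id_ed25519_deploy', # placeholder key path
  ],
}
```

ssh_config uses the first value obtained for each option, so where the custom lines land relative to the class-level options decides which setting wins. Run `ssh -G app01.internal.example.com` on a managed node to see the values that actually apply.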
Notes: Match attribute is not directly supported as multiple match blocks can exist. Use the custom parameter for that.
The following parameters are available in the ssh::server class:
banner_content
banner_group
banner_mode
banner_owner
banner_path
config_group
config_mode
config_owner
config_path
manage_service
manage_packages
packages
packages_ensure
packages_adminfile
packages_source
service_enable
service_ensure
service_hasrestart
service_hasstatus
config_files
service_name
accept_env
address_family
allow_agent_forwarding
allow_groups
allow_stream_local_forwarding
allow_tcp_forwarding
allow_users
authentication_methods
authorized_keys_command
authorized_keys_command_user
authorized_keys_file
authorized_principals_command
authorized_principals_command_user
authorized_principals_file
banner
ca_signature_algorithms
challenge_response_authentication
chroot_directory
ciphers
client_alive_count_max
client_alive_interval
compression
deny_groups
deny_users
disable_forwarding
expose_auth_info
fingerprint_hash
force_command
gateway_ports
gss_api_authentication
gss_api_cleanup_credentials
gss_api_strict_acceptor_check
hostbased_accepted_algorithms
hostbased_authentication
hostbased_uses_name_from_packet_only
host_certificate
host_key
host_key_agent
host_key_algorithms
ignore_rhosts
ignore_user_known_hosts
include
include_dir_owner
include_dir_group
include_dir_mode
include_dir_purge
ip_qos
kbd_interactive_authentication
kerberos_authentication
kerberos_get_afs_token
kerberos_or_local_passwd
kerberos_ticket_cleanup
kex_algorithms
listen_address
login_grace_time
log_level
log_verbose
macs
max_auth_tries
max_sessions
max_startups
moduli_file
password_authentication
permit_empty_passwords
permit_listen
permit_open
permit_root_login
permit_tty
permit_tunnel
permit_user_environment
permit_user_rc
per_source_max_startups
per_source_net_block_size
pid_file
port
print_last_log
print_motd
pubkey_accepted_algorithms
pubkey_auth_options
pubkey_authentication
rekey_limit
revoked_keys
rdomain
security_key_provider
set_env
stream_local_bind_mask
stream_local_bind_unlink
strict_modes
subsystem
syslog_facility
tcp_keep_alive
trusted_user_ca_keys
use_dns
use_pam
version_addendum
x11_display_offset
x11_forwarding
x11_use_localhost
xauth_location
custom
Data type: Optional[String[1]]
Content of SSHd banner file.
Default value: undef
Data type: String[1]
User group used for SSHd banner file.
Default value: 'root'
Data type: Stdlib::Filemode
File mode used for SSHd banner file.
Default value: '0644'
Data type: String[1]
User/Owner used for SSHd banner file.
Default value: 'root'
Data type: Stdlib::Absolutepath
Absolute path to SSHd banner file.
Default value: '/etc/sshd_banner'
Data type: String[1]
User group used for sshd_config file.
Default value: 'root'
Data type: Stdlib::Filemode
File mode used for sshd_config file.
Default value: '0600'
Data type: String[1]
User/Owner used for sshd_config file.
Default value: 'root'
Data type: Stdlib::Absolutepath
Absolute path to sshd_config file.
Default value: '/etc/ssh/sshd_config'
Data type: Boolean
Boolean to choose if the SSH daemon should be managed.
Default value: true
Data type: Boolean
Boolean to choose if SSH client packages should be managed.
Default value: true
Data type: Array[String[1]]
Installation package(s) for the SSH server. Leave empty if the client package(s) also include the server binaries (e.g. SUSE SLES and SLED).
Default value: []
Data type: Variant[Enum['present', 'absent', 'purged', 'disabled', 'installed', 'latest'], String[1]]
Ensure parameter to SSH server package(s).
Default value: 'installed'
Data type: Optional[Stdlib::Absolutepath]
Path to adminfile for SSH server package(s) installation. Needed for Solaris.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Source to SSH server package(s). Needed for Solaris.
Default value: undef
Data type: Boolean
enable attribute for SSH daemon.
Default value: true
Data type: Stdlib::Ensure::Service
ensure attribute for SSH daemon.
Default value: 'running'
Data type: Boolean
hasrestart attribute for SSH daemon.
Default value: true
Data type: Boolean
hasstatus attribute for SSH daemon.
Default value: true
Data type: Hash
Hash of configuration entries passed to ssh::config_file_server define. Please check the docs for ssh::config_file_client and the type Ssh::Sshd_Config for a list and details of the parameters usable here.
Default value: {}
Data type: String[1]
Name of the SSH daemon.
Default value: 'sshd'
Data type: Optional[Array[String[1]]]
Value(s) passed to AcceptEnv parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AcceptEnv for possible values.
Default value: undef
Data type: Optional[Enum['any', 'inet', 'inet6']]
Value(s) passed to AddressFamily parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AddressFamily for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to AllowAgentForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowAgentForwarding for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to AllowGroups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowGroups for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'all', 'no', 'local', 'remote']]
Value(s) passed to AllowStreamLocalForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowStreamLocalForwarding for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'no', 'local', 'remote']]
Value(s) passed to AllowTcpForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowTcpForwarding for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to AllowUsers parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AllowUsers for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to AuthenticationMethods parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthenticationMethods for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to AuthorizedKeysCommand parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedKeysCommand for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to AuthorizedKeysCommandUser parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedKeysCommandUser for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to AuthorizedKeysFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedKeysFile for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to AuthorizedPrincipalsCommand parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedPrincipalsCommand for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to AuthorizedPrincipalsCommandUser parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedPrincipalsCommandUser for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to AuthorizedPrincipalsFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#AuthorizedPrincipalsFile for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to Banner parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Banner for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to CASignatureAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#CASignatureAlgorithms for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ChallengeResponseAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KbdInteractiveAuthentication for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to ChrootDirectory parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ChrootDirectory for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to Ciphers parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Ciphers for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to ClientAliveCountMax parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ClientAliveCountMax for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to ClientAliveInterval parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ClientAliveInterval for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'delayed', 'no']]
Value(s) passed to Compression parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Compression for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to DenyGroups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#DenyGroups for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to DenyUsers parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#DenyUsers for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to DisableForwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#DisableForwarding for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to ExposeAuthInfo parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ExposeAuthInfo for possible values.
Default value: undef
Data type: Optional[Enum['md5', 'sha256']]
Value(s) passed to FingerprintHash parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#FingerprintHash for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to ForceCommand parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ForceCommand for possible values.
Default value: undef
Data type: Optional[Enum['no', 'yes', 'clientspecified']]
Value(s) passed to GatewayPorts parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GatewayPorts for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to GSSAPIAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GSSAPIAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to GSSAPICleanupCredentials parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GSSAPICleanupCredentials for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to GSSAPIStrictAcceptorCheck parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#GSSAPIStrictAcceptorCheck for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to HostbasedAcceptedAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostbasedAcceptedAlgorithms for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to HostbasedAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostbasedAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to HostbasedUsesNameFromPacketOnly parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostbasedUsesNameFromPacketOnly for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to HostCertificate parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostCertificate for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to HostKey parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostKey for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to HostKeyAgent parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostKeyAgent for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to HostKeyAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#HostKeyAlgorithms for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to IgnoreRhosts parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#IgnoreRhosts for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to IgnoreUserKnownHosts parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#IgnoreUserKnownHosts for possible values.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Value(s) passed to Include parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Include for possible values.
Default value: undef
Data type: String[1]
The owner of the include directory
Default value: 'root'
Data type: String[1]
The group of the include directory
Default value: 'root'
Data type: Stdlib::Filemode
The mode of the include directory
Default value: '0700'
Data type: Boolean
Sets whether to purge the include_dir of unmanaged files
Default value: true
Data type: Optional[String[1]]
Value(s) passed to IPQoS parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#IPQoS for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to KbdInteractiveAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KbdInteractiveAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to KerberosAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to KerberosGetAFSToken parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosGetAFSToken for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to KerberosOrLocalPasswd parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosOrLocalPasswd for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to KerberosTicketCleanup parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KerberosTicketCleanup for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to KexAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#KexAlgorithms for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to ListenAddress parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ListenAddress for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to LoginGraceTime parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#LoginGraceTime for possible values.
Default value: undef
Data type: Optional[Ssh::Log_level]
Value(s) passed to LogLevel parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#LogLevel for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to LogVerbose parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#LogVerbose for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to MACs parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MACs for possible values.
Default value: undef
Data type: Optional[Integer[2]]
Value(s) passed to MaxAuthTries parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MaxAuthTries for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to MaxSessions parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MaxSessions for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to MaxStartups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#MaxStartups for possible values.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Value(s) passed to ModuliFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#ModuliFile for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PasswordAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PasswordAuthentication for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PermitEmptyPasswords parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitEmptyPasswords for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to PermitListen parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitListen for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to PermitOpen parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitOpen for possible values.
Default value: undef
Data type: Optional[Ssh::Permit_root_login]
Value(s) passed to PermitRootLogin parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitRootLogin for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PermitTTY parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitTTY for possible values.
Default value: undef
Data type: Optional[Enum['yes', 'point-to-point', 'ethernet', 'no']]
Value(s) passed to PermitTunnel parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitTunnel for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to PermitUserEnvironment parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitUserEnvironment for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PermitUserRC parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PermitUserRC for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to PerSourceMaxStartups parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PerSourceMaxStartups for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to PerSourceNetBlockSize parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PerSourceNetBlockSize for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to PidFile parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PidFile for possible values.
Default value: undef
Data type: Optional[Array[Stdlib::Port]]
Value(s) passed to Port parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Port for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PrintLastLog parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PrintLastLog for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PrintMotd parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PrintMotd for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to PubkeyAcceptedAlgorithms parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PubkeyAcceptedAlgorithms for possible values.
Default value: undef
Data type: Optional[Enum['none', 'touch-required', 'verify-required']]
Value(s) passed to PubkeyAuthOptions parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PubkeyAuthOptions for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to PubkeyAuthentication parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#PubkeyAuthentication for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RekeyLimit parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#RekeyLimit for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RevokedKeys parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#RevokedKeys for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to RDomain parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#RDomain for possible values.
Default value: undef
Data type: Optional[Stdlib::Absolutepath]
Value(s) passed to SecurityKeyProvider parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#SecurityKeyProvider for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Value(s) passed to SetEnv parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#SetEnv for possible values.
Default value: undef
Data type: Optional[Pattern[/^[0-7]{4}$/]]
Value(s) passed to StreamLocalBindMask parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#StreamLocalBindMask for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to StreamLocalBindUnlink parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#StreamLocalBindUnlink for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to StrictModes parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#StrictModes for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to Subsystem parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#Subsystem for possible values.
Default value: undef
Data type: Optional[Ssh::Syslog_facility]
Value(s) passed to SyslogFacility parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#SyslogFacility for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to TCPKeepAlive parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#TCPKeepAlive for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to TrustedUserCAKeys parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#TrustedUserCAKeys for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to UseDNS parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#UseDNS for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to UsePAM parameter in sshd_config. Unused if empty. Possible values are 'yes' and 'no'. This parameter is not mentioned in the current man pages of OpenSSH v7, but it is mentioned in the release notes of OpenSSH v8: https://www.openssh.com/txt/release-8.0
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to VersionAddendum parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#VersionAddendum for possible values.
Default value: undef
Data type: Optional[Integer[0]]
Value(s) passed to X11DisplayOffset parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#X11DisplayOffset for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to X11Forwarding parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#X11Forwarding for possible values.
Default value: undef
Data type: Optional[Ssh::Yes_no]
Value(s) passed to X11UseLocalhost parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#X11UseLocalhost for possible values.
Default value: undef
Data type: Optional[String[1]]
Value(s) passed to XAuthLocation parameter in sshd_config. Unused if empty. Check https://man.openbsd.org/sshd_config#XAuthLocation for possible values.
Default value: undef
Data type: Optional[Array[String[1]]]
Array of custom lines to be added to server configuration file sshd_config. Uses one array item per line to be added.
Default value: undef
Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.
The following parameters are available in the ssh::config_entry defined type:
Data type: Enum['present','absent']
ensure attribute for entry.
Default value: 'present'
Data type: String[1]
User group used for the generated ssh/config file.
Data type: String[1]
Host this generated ssh/config file is used for.
Data type: Array[String]
Lines to be added to ssh/config file.
Default value: []
Data type: Integer[0]
Order of entries in the ssh/config file used for concatenation.
Default value: 10
Data type: String[1]
User/Owner used for the generated ssh/config file.
Data type: Stdlib::Absolutepath
Absolute path used for the generated ssh/config file.
Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.
The following parameters are available in the ssh::config_file_client defined type:
Data type: String[1]
User/Owner used for the generated ssh/config file.
Default value: 'root'
Data type: String[1]
User group used for the generated ssh/config file.
Default value: 'root'
Data type: Stdlib::Filemode
File mode used for the generated ssh/config file.
Default value: '0644'
Data type: Enum['present','absent']
ensure attribute for entry.
Default value: 'present'
Data type: Ssh::Ssh_Config
Lines to be added to ssh/config file. These lines will be verified for valid directive names and values.
Default value: {}
Data type: Array
Lines to be added to ssh/config file. These lines will not be verified and can be used to add future and past directives.
Default value: []
Manage an entry in ~/.ssh/config for a particular user. Lines model the lines in each Host block.
The following parameters are available in the ssh::config_file_server defined type:
Data type: String[1]
User/Owner used for the generated ssh/config file.
Default value: 'root'
Data type: String[1]
User group used for the generated ssh/config file.
Default value: 'root'
Data type: Stdlib::Filemode
File mode used for the generated ssh/config file.
Default value: '0600'
Data type: Enum['present','absent']
ensure attribute for entry.
Default value: 'present'
Data type: Ssh::Sshd_Config
Lines to be added to ssh/config file. These lines will be verified for valid directive names and values.
Default value: {}
Data type: Array
Lines to be added to ssh/config file. These lines will not be verified and can be used to add future and past directives.
Default value: []
From https://github.com/puppetlabs/puppetlabs-sshkeys_core/blob/master/lib/puppet/type/sshkey.rb v1.0.2
Alias of Enum['ssh-dss', 'ssh-ed25519', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ed25519', 'rsa', 'dsa']
validate SSH log levels
Alias of Enum['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE', 'DEBUG', 'DEBUG1', 'DEBUG2', 'DEBUG3']
'without-password' is a deprecated alias for 'prohibit-password'
Alias of Enum['yes', 'prohibit-password', 'without-password', 'forced-commands-only', 'no']
ssh_config configuration file parameters
Alias of
Struct[{
Optional['Host'] => String[1],
Optional['Match'] => String[1],
Optional['AddKeysToAgent'] => Enum['yes', 'no', 'ask', 'confirm'],
Optional['AddressFamily'] => Enum['any', 'inet', 'inet6'],
Optional['BatchMode'] => Ssh::Yes_no,
Optional['BindAddress'] => String[1],
Optional['BindInterface'] => String[1],
Optional['CanonicalDomains'] => String[1],
Optional['CanonicalizeFallbackLocal'] => Ssh::Yes_no,
Optional['CanonicalizeHostname'] => Enum['yes', 'no', 'always'],
Optional['CanonicalizeMaxDots'] => Integer[0],
Optional['CanonicalizePermittedCNAMEs'] => String[1],
Optional['CASignatureAlgorithms'] => String[1],
Optional['CertificateFile'] => String[1],
Optional['CheckHostIP'] => Ssh::Yes_no,
Optional['Ciphers'] => String[1],
Optional['ClearAllForwardings'] => Ssh::Yes_no,
Optional['Compression'] => Ssh::Yes_no,
Optional['ConnectionAttempts'] => Integer[0],
Optional['ConnectTimeout'] => Integer[0],
Optional['ControlMaster'] => Enum['yes', 'no', 'ask', 'auto', 'autoask'],
Optional['ControlPath'] => String[1],
Optional['ControlPersist'] => String[1],
Optional['DynamicForward'] => String[1],
Optional['EnableEscapeCommandline'] => Ssh::Yes_no,
Optional['EnableSSHKeysign'] => Ssh::Yes_no,
Optional['EscapeChar'] => String[1],
Optional['ExitOnForwardFailure'] => Ssh::Yes_no,
Optional['FingerprintHash'] => Enum['sha256', 'md5'],
Optional['ForkAfterAuthentication'] => Ssh::Yes_no,
Optional['ForwardAgent'] => Ssh::Yes_no,
Optional['ForwardX11'] => Ssh::Yes_no,
Optional['ForwardX11Timeout'] => Variant[String[1], Integer[0]],
Optional['ForwardX11Trusted'] => Ssh::Yes_no,
Optional['GatewayPorts'] => Ssh::Yes_no,
Optional['GlobalKnownHostsFile'] => String[1],
Optional['GSSAPIAuthentication'] => Ssh::Yes_no,
Optional['GSSAPIDelegateCredentials'] => Ssh::Yes_no,
Optional['HashKnownHosts'] => Ssh::Yes_no,
Optional['HostbasedAcceptedAlgorithms'] => String[1],
Optional['HostbasedAuthentication'] => Ssh::Yes_no,
Optional['HostKeyAlgorithms'] => String[1],
Optional['HostKeyAlias'] => String[1],
Optional['Hostname'] => String[1],
Optional['IdentitiesOnly'] => Ssh::Yes_no,
Optional['IdentityAgent'] => String[1],
Optional['IdentityFile'] => String[1],
Optional['IgnoreUnknown'] => String[1],
Optional['Include'] => String[1],
Optional['IPQoS'] => String[1],
Optional['KbdInteractiveAuthentication'] => Ssh::Yes_no,
Optional['KbdInteractiveDevices'] => String[1],
Optional['KexAlgorithms'] => String[1],
Optional['KnownHostsCommand'] => String[1],
Optional['LocalCommand'] => String[1],
Optional['LocalForward'] => String[1],
Optional['LogLevel'] => Ssh::Log_level,
Optional['LogVerbose'] => String[1],
Optional['MACs'] => String[1],
Optional['NoHostAuthenticationForLocalhost'] => Ssh::Yes_no,
Optional['NumberOfPasswordPrompts'] => Integer[0],
Optional['PasswordAuthentication'] => Ssh::Yes_no,
Optional['PermitLocalCommand'] => Ssh::Yes_no,
Optional['PermitRemoteOpen'] => String[1],
Optional['PKCS11Provider'] => String[1],
Optional['Port'] => Stdlib::Port,
Optional['PreferredAuthentications'] => String[1],
Optional['ProxyCommand'] => String[1],
Optional['ProxyJump'] => String[1],
Optional['ProxyUseFdpass'] => Ssh::Yes_no,
Optional['PubkeyAcceptedAlgorithms'] => String[1],
Optional['PubkeyAuthentication'] => Ssh::Yes_no,
Optional['RekeyLimit'] => String[1],
Optional['RemoteCommand'] => String[1],
Optional['RemoteForward'] => String[1],
Optional['RequestTTY'] => Enum['no', 'yes', 'force', 'auto'],
Optional['RequiredRSASize'] => Integer[0],
Optional['RevokedHostKeys'] => String[1],
Optional['SecurityKeyProvider'] => String[1],
Optional['SendEnv'] => String[1],
Optional['ServerAliveCountMax'] => Variant[String[1], Integer[0]],
Optional['ServerAliveInterval'] => Variant[String[1], Integer[0]],
Optional['SessionType'] => Enum['default', 'none', 'subsystem'],
Optional['SetEnv'] => String[1],
Optional['StdinNull'] => Ssh::Yes_no,
Optional['StreamLocalBindMask'] => Stdlib::Filemode,
Optional['StreamLocalBindUnlink'] => Ssh::Yes_no,
Optional['StrictHostKeyChecking'] => Enum['yes', 'no', 'accept-new', 'off', 'ask'],
Optional['SyslogFacility'] => Ssh::Syslog_facility,
Optional['TCPKeepAlive'] => Ssh::Yes_no,
Optional['Tunnel'] => Enum['yes', 'no', 'point-to-point', 'ethernet'],
Optional['TunnelDevice'] => String[1],
Optional['UpdateHostKeys'] => Ssh::Yes_no,
Optional['User'] => String[1],
Optional['UserKnownHostsFile'] => String[1],
Optional['VerifyHostKeyDNS'] => Enum['yes', 'no', 'ask'],
Optional['VisualHostKey'] => Ssh::Yes_no,
Optional['XAuthLocation'] => String[1],
Optional['custom'] => Array,
}]
sshd_config configuration file parameters
Alias of
Struct[{
Optional['AcceptEnv'] => String[1],
Optional['AddressFamily'] => Enum['any', 'inet', 'inet6'],
Optional['AllowAgentForwarding'] => Ssh::Yes_no,
Optional['AllowGroups'] => String[1],
Optional['AllowStreamLocalForwarding'] => Enum['yes', 'all', 'no', 'local', 'remote'],
Optional['AllowTcpForwarding'] => Enum['yes', 'no', 'local', 'remote'],
Optional['AllowUsers'] => String[1],
Optional['AuthenticationMethods'] => String[1],
Optional['AuthorizedKeysCommand'] => String[1],
Optional['AuthorizedKeysCommandUser'] => String[1],
Optional['AuthorizedKeysFile'] => String[1],
Optional['AuthorizedPrincipalsCommand'] => String[1],
Optional['AuthorizedPrincipalsCommandUser'] => String[1],
Optional['AuthorizedPrincipalsFile'] => String[1],
Optional['Banner'] => String[1],
Optional['CASignatureAlgorithms'] => String[1],
Optional['ChallengeResponseAuthentication'] => Ssh::Yes_no,
Optional['ChannelTimeout'] => String[1],
Optional['ChrootDirectory'] => String[1],
Optional['Ciphers'] => String[1],
Optional['ClientAliveCountMax'] => Integer[0],
Optional['ClientAliveInterval'] => Integer[0],
Optional['Compression'] => Enum['yes', 'delayed', 'no'],
Optional['DenyGroups'] => String[1],
Optional['DenyUsers'] => String[1],
Optional['DisableForwarding'] => Ssh::Yes_no,
Optional['ExposeAuthInfo'] => Ssh::Yes_no,
Optional['FingerprintHash'] => Enum['md5', 'sha256'],
Optional['ForceCommand'] => String[1],
Optional['GatewayPorts'] => Enum['no', 'yes', 'clientspecified'],
Optional['GSSAPIAuthentication'] => Ssh::Yes_no,
Optional['GSSAPICleanupCredentials'] => Ssh::Yes_no,
Optional['GSSAPIStrictAcceptorCheck'] => Ssh::Yes_no,
Optional['HostbasedAcceptedAlgorithms'] => String[1],
Optional['HostbasedAuthentication'] => Ssh::Yes_no,
Optional['HostbasedUsesNameFromPacketOnly'] => Ssh::Yes_no,
Optional['HostCertificate'] => String[1],
Optional['HostKey'] => String[1],
Optional['HostKeyAgent'] => String[1],
Optional['HostKeyAlgorithms'] => String[1],
Optional['IgnoreRhosts'] => Ssh::Yes_no,
Optional['IgnoreUserKnownHosts'] => Ssh::Yes_no,
Optional['Include'] => String[1],
Optional['IPQoS'] => String[1],
Optional['KbdInteractiveAuthentication'] => Ssh::Yes_no,
Optional['KerberosAuthentication'] => Ssh::Yes_no,
Optional['KerberosGetAFSToken'] => Ssh::Yes_no,
Optional['KerberosOrLocalPasswd'] => Ssh::Yes_no,
Optional['KerberosTicketCleanup'] => Ssh::Yes_no,
Optional['KexAlgorithms'] => String[1],
Optional['ListenAddress'] => String[1],
Optional['LoginGraceTime'] => Integer[0],
Optional['LogLevel'] => Ssh::Log_level,
Optional['LogVerbose'] => String[1],
Optional['MACs'] => String[1],
Optional['Match'] => String[1],
Optional['MaxAuthTries'] => Integer[2],
Optional['MaxSessions'] => Integer[0],
Optional['MaxStartups'] => String[1],
Optional['ModuliFile'] => Stdlib::Absolutepath,
Optional['PasswordAuthentication'] => Ssh::Yes_no,
Optional['PermitEmptyPasswords'] => Ssh::Yes_no,
Optional['PermitListen'] => String[1],
Optional['PermitOpen'] => String[1],
Optional['PermitRootLogin'] => Ssh::Permit_root_login,
Optional['PermitTTY'] => Ssh::Yes_no,
Optional['PermitTunnel'] => Enum['yes', 'point-to-point', 'ethernet', 'no'],
Optional['PermitUserEnvironment'] => String[1],
Optional['PermitUserRC'] => Ssh::Yes_no,
Optional['PerSourceMaxStartups'] => String[1],
Optional['PerSourceNetBlockSize'] => String[1],
Optional['PidFile'] => String[1],
Optional['Port'] => Stdlib::Port,
Optional['PrintLastLog'] => Ssh::Yes_no,
Optional['PrintMotd'] => Ssh::Yes_no,
Optional['PubkeyAcceptedAlgorithms'] => String[1],
Optional['PubkeyAuthOptions'] => Enum['none', 'touch-required', 'verify-required'],
Optional['PubkeyAuthentication'] => Ssh::Yes_no,
Optional['RekeyLimit'] => String[1],
Optional['RequiredRSASize'] => Integer[0],
Optional['RevokedKeys'] => String[1],
Optional['RDomain'] => String[1],
Optional['SecurityKeyProvider'] => Stdlib::Absolutepath,
Optional['SetEnv'] => String[1],
Optional['StreamLocalBindMask'] => Stdlib::Filemode,
Optional['StreamLocalBindUnlink'] => Ssh::Yes_no,
Optional['StrictModes'] => Ssh::Yes_no,
Optional['Subsystem'] => String[1],
Optional['SyslogFacility'] => Ssh::Syslog_facility,
Optional['TCPKeepAlive'] => Ssh::Yes_no,
Optional['TrustedUserCAKeys'] => String[1],
Optional['UseDNS'] => Ssh::Yes_no,
Optional['UsePAM'] => Ssh::Yes_no,
Optional['VersionAddendum'] => String[1],
Optional['X11DisplayOffset'] => Integer[0],
Optional['X11Forwarding'] => Ssh::Yes_no,
Optional['X11UseLocalhost'] => Ssh::Yes_no,
Optional['XAuthLocation'] => String[1],
Optional['custom'] => Array,
}]
validate syslog facilities used by SSH
Alias of Enum['DAEMON', 'USER', 'AUTH', 'LOCAL0', 'LOCAL1', 'LOCAL2', 'LOCAL3', 'LOCAL4', 'LOCAL5', 'LOCAL6', 'LOCAL7', 'AUTHPRIV']
validate SSH configuration that uses yes/no.
Alias of Enum['yes', 'no']