puppet-ssh/data/common.yaml at 6b18748076be96f19c7afc76a5ce9f9c723a2cd8 · umdsais/puppet-ssh · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
---
lookup_options:
  ssh::server_options:
    merge: deep
  ssh::server_match_block:
    merge: deep
  ssh::client_options:
    merge: deep
  ssh::users_client_options:
    merge: deep
  ssh::server::options:
    merge: deep
  ssh::client::options:
    merge: deep
  ssh::server_instances:
    merge: deep

ssh::server::sshd_dir: '/etc/ssh'
ssh::server::sshd_config: '/etc/ssh/sshd_config'
ssh::server::sshd_config_mode: '0600'
ssh::client::ssh_config: '/etc/ssh/ssh_config'
ssh::server::service_name: 'svc:/network/ssh:default'
ssh::sftp_server_path: 'internal-sftp'
ssh::server::host_priv_key_group: 0
ssh::server::host_priv_key_mode: '0600'
ssh::validate_sshd_file             : false
ssh::collect_enabled                : true   # Collect sshkey resources
ssh::server::issue_net              : '/etc/issue.net'
ssh::knownhosts::collect_enabled    : true

ssh::server::default_options:
  ChallengeResponseAuthentication: 'no'
  X11Forwarding: 'yes'
  PrintMotd: 'no'
  AcceptEnv: 'LANG LC_*'
  Subsystem: "sftp %{lookup('ssh::sftp_server_path')}"
  UsePAM: 'yes'

ssh::client::default_options:
  'Host *':
    SendEnv: 'LANG LC_*'
    HashKnownHosts: 'yes'