1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
class ssh (
Variant[Enum['prohibit-password'], Boolean] $permit_root_login = false,
Array[String] $authorized_keys = [],
) {
$pkgs = $facts['os']['family'] ? {
'Debian' => ['openssh-server'],
'Archlinux' => ['openssh'],
}
ensure_packages($pkgs)
$root_login = $permit_root_login ? {
'prohibit-password' => 'prohibit-password',
true => 'yes',
false => 'no',
}
file_line { 'sshd permit_root_login':
ensure => present,
path => '/etc/ssh/sshd_config',
line => "PermitRootLogin ${root_login}",
match => '^#? *PermitRootLogin ',
}
file { '/root/.ssh':
ensure => directory,
}
file { '/root/.ssh/authorized_keys':
ensure => file,
}
$authorized_keys.each |$key| {
file_line { "Authorize ssh key ${key}":
path => '/root/.ssh/authorized_keys',
line => $key,
}
}
# file { '/etc/ssh/sshd_config':
# ensure => file,
# content => epp('ssh/sshd_config.epp'),
# }
}
|