{"id":15517541,"url":"https://github.com/bodgit/puppet-openssh","last_synced_at":"2025-03-28T19:48:16.924Z","repository":{"id":57664573,"uuid":"65150905","full_name":"bodgit/puppet-openssh","owner":"bodgit","description":"Puppet Module for managing OpenSSH","archived":false,"fork":false,"pushed_at":"2019-01-13T18:00:24.000Z","size":133,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-12T09:47:40.116Z","etag":null,"topics":["openssh","openssh-client","openssh-ldap-publickey","openssh-server","puppet"],"latest_commit_sha":null,"homepage":"https://forge.puppet.com/bodgit/openssh","language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bodgit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-08-07T19:42:32.000Z","updated_at":"2019-01-13T18:00:26.000Z","dependencies_parsed_at":"2022-09-11T06:06:21.326Z","dependency_job_id":null,"html_url":"https://github.com/bodgit/puppet-openssh","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bodgit","download_url":"https://codeload.github.com/bodgit/puppet-openssh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246093105,"owners_count":20722395,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openssh","openssh-client","openssh-ldap-publickey","openssh-server","puppet"],"created_at":"2024-10-02T10:13:44.020Z","updated_at":"2025-03-28T19:48:16.905Z","avatar_url":"https://github.com/bodgit.png","language":"Puppet","readme":"# openssh\n\nTested with Travis CI\n\n[![Build Status](https://travis-ci.org/bodgit/puppet-openssh.svg?branch=master)](https://travis-ci.org/bodgit/puppet-openssh)\n[![Coverage Status](https://coveralls.io/repos/bodgit/puppet-openssh/badge.svg?branch=master\u0026service=github)](https://coveralls.io/github/bodgit/puppet-openssh?branch=master)\n[![Puppet Forge](http://img.shields.io/puppetforge/v/bodgit/openssh.svg)](https://forge.puppetlabs.com/bodgit/openssh)\n\n#### Table of Contents\n\n1. [Description](#description)\n2. [Setup - The basics of getting started with openssh](#setup)\n    * [Beginning with openssh](#beginning-with-openssh)\n3. [Usage - Configuration options and additional functionality](#usage)\n4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n5. [Limitations - OS compatibility, etc.](#limitations)\n6. [Development - Guide for contributing to the module](#development)\n\n## Description\n\nThis module manages OpenSSH.\n\nCentOS, RHEL, Scientific, Oracle Enterprise Linux and OpenBSD is supported\nusing Puppet 4.9.0 or later.\n\n## Setup\n\n### Beginning with openssh\n\nThe module defaults match those of the target OS so in the very simplest case, you can just include the following:\n\n```puppet\ninclude ::openssh::client\ninclude ::openssh::server\n```\n\n## Usage\n\nIf you want to tune the security settings of the server:\n\n```puppet\nclass { '::openssh::server':\n  allow_groups                      =\u003e ['ssh-user'],\n  challenge_response_authentication =\u003e false,\n  ciphers                           =\u003e [\n    'chacha20-poly1305@openssh.com',\n    'aes256-gcm@openssh.com',\n    'aes128-gcm@openssh.com',\n    'aes256-ctr',\n    'aes192-ctr',\n    'aes128-ctr',\n  ],\n  host_key                          =\u003e [\n    '/etc/ssh/ssh_host_ed25519_key',\n    '/etc/ssh/ssh_host_rsa_key',\n  ],\n  kex_algorithms                    =\u003e [\n    'curve25519-sha256@libssh.org',\n    'diffie-hellman-group-exchange-sha256',\n  ],\n  macs                              =\u003e [\n    'hmac-sha2-512-etm@openssh.com',\n    'hmac-sha2-256-etm@openssh.com',\n    'hmac-ripemd160-etm@openssh.com',\n    'umac-128-etm@openssh.com',\n    'hmac-sha2-512',\n    'hmac-sha2-256',\n    'hmac-ripemd160',\n    'umac-128@openssh.com',\n  ],\n  password_authentication           =\u003e false,\n  permit_root_login                 =\u003e false,\n  pubkey_authentication             =\u003e true,\n  protocol                          =\u003e [2],\n}\n```\n\nEnabling SSH public key lookups from LDAP:\n\n```puppet\nclass { '::openssh::server':\n  authorized_keys_command      =\u003e '/usr/libexec/openssh/ssh-ldap-helper',\n  authorized_keys_command_user =\u003e 'nobody',\n}\n\nclass { '::openssh::server::ldap':\n  base_dn =\u003e 'ou=people,dc=example,dc=com',\n  group   =\u003e 'nobody',\n  uri     =\u003e [\n    'ldap://ldap.example.com',\n  ],\n}\n```\n\nTo add `Match ...` blocks to the server configuration:\n\n```puppet\ninclude ::openssh::server\n\n::openssh::server::match { 'sftponly':\n  group                =\u003e [\n    'sftponly',\n  ],\n  chroot_directory     =\u003e '%h',\n  force_command        =\u003e 'internal-sftp',\n  allow_tcp_forwarding =\u003e false,\n  x11_forwarding       =\u003e false,\n}\n```\n\nTo create a client configuration file and manage `Host ...` and `Match ...`\nblocks within it:\n\n```puppet\ninclude ::openssh::client\n\n::openssh::client::configuration { '/home/user/.ssh/config':\n  owner =\u003e 'user',\n  group =\u003e 'user',\n  mode  =\u003e '0640',\n}\n\n::openssh::client::host { 'default':\n  host          =\u003e '*',\n  target        =\u003e '/home/user/.ssh/config',\n  order         =\u003e 99,\n  proxy_command =\u003e '/usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p',\n}\n\n::openssh::client::match { 'catch-all':\n  target        =\u003e '/home/user/.ssh/config',\n  proxy_command =\u003e '/usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p',\n}\n```\n\n## Reference\n\nThe reference documentation is generated with\n[puppet-strings](https://github.com/puppetlabs/puppet-strings) and the latest\nversion of the documentation is hosted at\n[https://bodgit.github.io/puppet-openssh/](https://bodgit.github.io/puppet-openssh/).\n\n## Limitations\n\nThis module has been built on and tested against Puppet 4.9.0 and higher.\n\nThe module has been tested on:\n\n* Red Hat/CentOS Enterprise Linux 6/7\n* OpenBSD 6.2/6.3\n\n## Development\n\nThe module has both [rspec-puppet](http://rspec-puppet.com) and\n[beaker-rspec](https://github.com/puppetlabs/beaker-rspec) tests. Run them\nwith:\n\n```\n$ bundle exec rake test\n$ PUPPET_INSTALL_TYPE=agent PUPPET_INSTALL_VERSION=x.y.z bundle exec rake beaker:\u003cnodeset\u003e\n```\n\nPlease log issues or pull requests at\n[github](https://github.com/bodgit/puppet-openssh).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbodgit%2Fpuppet-openssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbodgit%2Fpuppet-openssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbodgit%2Fpuppet-openssh/lists"}