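# Installs openssh-server, deploys /etc/ssh/sshd_config from a template and
# keeps the sshd service running. The nested class (reachable as
# openssh::ssh_keys_from_ldap) prepares a root-owned directory for public keys
# and installs the script that exports SSH keys from LDAP into files.
#
# File modes are written as quoted four-digit octal strings: newer Puppet
# parsers reject a bare number such as 644 for the file type's mode.
class openssh {

    # Workaround for the sftp server, whose location is arch dependent on mdv.
    # $lib_dir is not set in this manifest and must come from an outer scope.
    # No resource below reads $path_to_sftp; presumably the sshd_config
    # template does -- confirm.
    $path_to_sftp = "${lib_dir}/ssh/"

    package { 'openssh-server':
        ensure => installed,
    }

    # sshd is refreshed whenever the package or the rendered config changes.
    # NOTE(review): the service type documents `path` as the directory that is
    # searched for init scripts; the value here names the script itself.
    # Confirm the provider in use tolerates this, or point it at /etc/init.d.
    service { 'sshd':
        ensure    => running,
        path      => '/etc/init.d/sshd',
        subscribe => [ Package['openssh-server'], File['sshd_config'] ],
    }

    # NOTE(review): a template mistake is pushed straight into a service
    # refresh. Where the Puppet version offers the file type's validate_cmd,
    # checking the candidate file with `sshd -t` before it is installed keeps
    # a broken config from locking administrators out -- confirm availability.
    file { 'sshd_config':
        ensure  => present,
        path    => '/etc/ssh/sshd_config',
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        require => Package['openssh-server'],
        content => template('openssh/sshd_config'),
    }

    class ssh_keys_from_ldap {

        package { 'python-ldap':
            ensure => installed,
        }

        # Key material lives under a root-owned tree, so account holders
        # cannot edit the files placed here. Presumably the sshd_config
        # template points AuthorizedKeysFile at this directory -- confirm.
        $pubkeys_directory = '/var/lib/pubkeys'
        file { $pubkeys_directory:
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
            # before => Class["openssh"]
        }

        # root's own key directory is closed to every other account.
        file { "${pubkeys_directory}/root":
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            mode   => '0700',
        }

        # Symlink to root's existing authorized_keys. The original spelled
        # this as `ensure => "<path>"`, the deprecated shorthand for a link;
        # `ensure => link` plus `target` is the explicit equivalent.
        # NOTE(review): an authorized_keys file needs no execute bits, and
        # whether a mode set on a link resource lands on the link or on its
        # target depends on the Puppet version -- confirm, and prefer managing
        # /root/.ssh/authorized_keys itself with mode 0600.
        file { "${pubkeys_directory}/root/authorized_keys":
            ensure => link,
            target => '/root/.ssh/authorized_keys',
            mode   => '0700',
        }

        # Location of the LDAP bind password. No resource here uses the
        # variable; presumably the script template below reads it -- confirm.
        # NOTE(review): this manifest does not manage /etc/ldap.secret, so its
        # owner and mode are whatever another class or an administrator set;
        # verify it is readable by root only.
        $ldap_pwfile = '/etc/ldap.secret'
        file { '/usr/local/bin/ldap-sshkey2file.py':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0755',
            content => template('restrictshell/ldap-sshkey2file.py'),
            require => Package['python-ldap'],
        }
    }
}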