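# Manages the OpenSSH server and, optionally, distribution of users'
# authorized_keys from LDAP.  The sshd_config content itself comes from the
# module's templates; this manifest only wires packages, service, files and
# a cron job together.
class openssh {

    # Base sshd installation: package, service and a templated sshd_config.
    class server {
        # Location of the sftp-server binary, which is arch-dependent on
        # Mandriva.  $lib_dir is not defined in this file and is expected
        # from an outer/top scope.  $path_to_sftp is not referenced here;
        # presumably the sshd_config template reads it via scope lookup
        # -- TODO confirm against the template.
        $path_to_sftp = "$lib_dir/ssh/"

        package { 'openssh-server':
            ensure => installed,
        }

        # Restart sshd when the package changes (e.g. upgrade) ...
        service { 'sshd':
            ensure    => running,
            path      => '/etc/init.d/sshd',
            subscribe => [ Package['openssh-server'] ],
        }

        # ... and when the rendered config changes.  0644 matches the usual
        # distribution default for sshd_config, which holds no secrets; the
        # security-relevant settings live in the template, not here.
        file { '/etc/ssh/sshd_config':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            require => Package['openssh-server'],
            content => template('openssh/sshd_config'),
            notify  => Service['sshd'],
        }
    }

    # Variant of server that also syncs users' public keys out of LDAP into
    # a root-owned directory tree every 10 minutes.  The matching
    # AuthorizedKeysFile setting is presumably in the
    # openssh/sshd_config_ldap template fragment (not visible here).
    class ssh_keys_from_ldap inherits server {

        # Append the LDAP-specific fragment to the base sshd_config;
        # template() with several paths concatenates their output.
        File['/etc/ssh/sshd_config'] {
            content => template('openssh/sshd_config', 'openssh/sshd_config_ldap'),
        }

        package { 'python-ldap':
            ensure => installed,
        }

        # Root-owned, non-world-writable tree so that sshd's StrictModes
        # accepts key files found below it.  Per-user subdirectories are
        # not managed here -- presumably created by the sync script.
        $pubkeys_directory = '/var/lib/pubkeys'
        file { $pubkeys_directory:
            ensure => directory,
            owner  => root,
            group  => root,
            mode   => '0755',
            # before => Class["openssh"]
        }

        file { "$pubkeys_directory/root":
            ensure => directory,
            owner  => root,
            group  => root,
            mode   => '0700',
        }

        # root's keys are NOT taken from LDAP: root's slot is a symlink back
        # to the locally maintained /root/.ssh/authorized_keys, which this
        # manifest does not manage (its permissions still matter to sshd's
        # StrictModes check).  NOTE(review): how Puppet treats `mode` on a
        # symlink depends on the Puppet version (ignored in recent releases,
        # possibly applied to the link target in older ones) -- confirm; it is
        # kept here for parity with the original.
        file { "$pubkeys_directory/root/authorized_keys":
            ensure => link,
            target => '/root/.ssh/authorized_keys',
            mode   => '0700',
        }

        # The sync script and the path of its LDAP bind credentials.
        # $ldap_pwfile is not referenced in this manifest; presumably read by
        # the script template via scope.  /etc/ldap.secret itself is NOT
        # managed here, so its existence and root-only (0600) permissions
        # must be ensured elsewhere -- the cron job runs as root and can read
        # it regardless of mode.
        $sshkey2file = '/usr/local/bin/ldap-sshkey2file.py'
        $ldap_pwfile = '/etc/ldap.secret'
        file { $sshkey2file:
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0755',
            # The template lives in the restrictshell module, not openssh:
            # a cross-module dependency to keep in mind when moving this class.
            content => template('restrictshell/ldap-sshkey2file.py'),
            require => Package['python-ldap'],
        }

        # Run the sync every 10 minutes as root; MAILTO=root so that a
        # failing sync (and therefore stale keys) gets noticed.
        # Fix: the minute spec must be a quoted string -- a bare */10 is a
        # parse error in the Puppet language.
        cron { 'sshkey2file':
            command     => $sshkey2file,
            hour        => '*',
            minute      => '*/10',
            user        => root,
            environment => 'MAILTO=root',
            require     => File[$sshkey2file],
        }
    }
}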