From 3f82045b9c3b4a833cd57e2f57ab14634abd5c40 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 22:46:46 +0100 Subject: [PATCH 01/14] use template for sshd_config file --- manifests/init.pp | 7 +++++-- manifests/params.pp | 12 ++++++++++++ manifests/server.pp | 18 ++++++++++++++++-- manifests/server/config.pp | 7 +++---- templates/sshd_config.erb | 9 +++++++++ 5 files changed, 45 insertions(+), 8 deletions(-) create mode 100644 templates/sshd_config.erb diff --git a/manifests/init.pp b/manifests/init.pp index fe0ea452a..4180df9c3 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,6 +1,9 @@ class ssh ( - $disable_user_known_hosts = true -) { + $sshd_default_options = $ssh::params::sshd_default_options, + $sshd_options = {}, + $ssh_default_options = $ssh::params::ssh_default_options, + $ssh_options = {} +) inherits ssh::params { include ssh::server include ssh::client } diff --git a/manifests/params.pp b/manifests/params.pp index fb7fa2d5d..e7b71131c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -32,4 +32,16 @@ } } } + + $sshd_default_options = { + 'ChallengeResponseAuthentication' => 'no', + 'X11Forwarding' => 'yes', + 'PrintMotd' => 'no', + 'AcceptEnv' => 'LANG LC_*', + 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server', + 'UsePAM' => 'yes', + } + + $ssh_default_options = { + } } diff --git a/manifests/server.pp b/manifests/server.pp index f09a839f3..48a45c41d 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,8 +1,22 @@ -class ssh::server { - include ssh::params +class ssh::server( + $default_options = $ssh::params::sshd_default_options, + $options = {} +) inherits ssh::params { + include ssh::server::install include ssh::server::config include ssh::server::service include ssh::hostkeys include ssh::knownhosts + + anchor { 'ssh::server::start': } + anchor { 'ssh::server::end': } + + Anchor['ssh::server::start'] -> + Class['ssh::server::install'] -> + Class['ssh::server::config'] ~> + Class['ssh::server::service'] -> + Class['ssh::hostkeys'] -> + Class['ssh::knownhosts'] -> + Anchor['ssh::server::end'] } diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 48be6f317..dc7615d56 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -1,11 +1,10 @@ class ssh::server::config { file { $ssh::params::sshd_config: ensure => present, - owner => 'root', - group => 'root', + owner => 0, + group => 0, mode => '0600', - replace => false, - source => "puppet:///modules/${module_name}/sshd_config", + content => template("${module_name}/sshd_config.erb"), require => Class['ssh::server::install'], notify => Class['ssh::server::service'], } diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb new file mode 100644 index 000000000..dda821002 --- /dev/null +++ b/templates/sshd_config.erb @@ -0,0 +1,9 @@ +# File is managed by Puppet + +<%- scope.lookupvar('ssh::server::default_options').each do |k, v| -%> +<%= k %> <%= v %> +<%- end -%> + +<%- scope.lookupvar('ssh::server::options').each do |k, v| -%> +<%= k %> <%= v %> +<%- end -%> From ef5666f3555d549dd4203c5381592979c9eddf7e Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 22:55:08 +0100 Subject: [PATCH 02/14] add disable_user_known_hosts variable for now --- manifests/init.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/init.pp b/manifests/init.pp index 4180df9c3..2db8a6aea 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,4 +1,5 @@ class ssh ( + $disable_user_known_hosts = true, $sshd_default_options = $ssh::params::sshd_default_options, $sshd_options = {}, $ssh_default_options = $ssh::params::ssh_default_options, From 1d5f3a51b1bc16f4b7f5cbf27951fd2ff44c47be Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 22:58:51 +0100 Subject: [PATCH 03/14] remove obsolete configline --- manifests/server/configline.pp | 39 ---------------------------------- 1 file changed, 39 deletions(-) delete mode 100644 manifests/server/configline.pp diff --git a/manifests/server/configline.pp b/manifests/server/configline.pp deleted file mode 100644 index 8f8e225d6..000000000 --- a/manifests/server/configline.pp +++ /dev/null @@ -1,39 +0,0 @@ -define ssh::server::configline ( - $ensure = present, - $value = false -) { - include ssh::server - - Augeas { - context => "/files${ssh::params::sshd_config}", - notify => Class['ssh::server::service'], - require => Class['ssh::server::config'], - } - - case $ensure { - present: { - augeas { "sshd_config_${name}": - changes => "set ${name} ${value}", - onlyif => "get ${name} != ${value}", - } - } - add: { - augeas { "sshd_config_${name}": - onlyif => "get ${name}[. = '${value}'] != ${value}", - changes => [ - "ins ${name} after ${name}[last()]", - "set ${name}[last()] ${value}" - ], - } - } - absent: { - augeas { "sshd_config_${name}": - changes => "rm ${name}", - onlyif => "get ${name}", - } - } - default: { - fail("ensure value must be present, add or absent, not ${ensure}") - } - } -} From a83c787a3d55684cd10c21d76f4190ad8d26a1fa Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 23:27:35 +0100 Subject: [PATCH 04/14] use template for ssh_config, merge options --- manifests/client.pp | 16 ++++++++-- manifests/client/config.pp | 6 ++-- manifests/params.pp | 5 +++ manifests/server.pp | 2 +- templates/ssh_config.erb | 65 ++++++-------------------------------- templates/sshd_config.erb | 10 +++--- 6 files changed, 37 insertions(+), 67 deletions(-) diff --git a/manifests/client.pp b/manifests/client.pp index 8cd21e268..1a18d1bd2 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,6 +1,18 @@ -class ssh::client { - include ssh::params +class ssh::client( + $options = {} +) inherits ssh::params { + $merged_options = merge($ssh::params::ssh_default_options, $options) + include ssh::client::install include ssh::client::config include ssh::knownhosts + + anchor { 'ssh::client::start': } + anchor { 'ssh::client::end': } + + Anchor['ssh::client::start'] -> + Class['ssh::client::install'] -> + Class['ssh::client::config'] -> + Class['ssh::knownhosts'] -> + Anchor['ssh::client::end'] } diff --git a/manifests/client/config.pp b/manifests/client/config.pp index 5c4f497a3..608fd8cbd 100644 --- a/manifests/client/config.pp +++ b/manifests/client/config.pp @@ -1,8 +1,8 @@ -class ssh::client::config inherits ssh { +class ssh::client::config { file { $ssh::params::ssh_config: ensure => present, - owner => 'root', - group => 'root', + owner => 0, + group => 0, content => template("${module_name}/ssh_config.erb"), require => Class['ssh::client::install'], } diff --git a/manifests/params.pp b/manifests/params.pp index e7b71131c..90a1dae4f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -43,5 +43,10 @@ } $ssh_default_options = { + 'Host *' => { + 'SendEnv' => 'LANG LC_*', + 'HashKnownHosts' => 'yes', + 'GSSAPIAuthentication' => 'yes', + }, } } diff --git a/manifests/server.pp b/manifests/server.pp index 48a45c41d..65ca278a7 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,7 +1,7 @@ class ssh::server( - $default_options = $ssh::params::sshd_default_options, $options = {} ) inherits ssh::params { + $merged_options = merge($ssh::params::sshd_default_options, $options) include ssh::server::install include ssh::server::config diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index 4262d03be..78be4aa06 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -1,56 +1,9 @@ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -Host * -# ForwardAgent no -# ForwardX11 no -# ForwardX11Trusted yes -# RhostsRSAAuthentication no -# RSAAuthentication yes -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# GSSAPIKeyExchange no -# GSSAPITrustDNS no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no -# ProxyCommand ssh -q -W %h:%p gateway.example.com - SendEnv LANG LC_* - HashKnownHosts yes - GSSAPIAuthentication yes - GSSAPIDelegateCredentials no - <% if disable_user_known_hosts %> - UserKnownHostsFile /dev/null - <% end %> +# File managed by Puppet + +<%- scope.lookupvar('ssh::client::merged_options').each do |k, v| -%> +<%- if v.is_a(Hash) -%> +<%= k %> +<%- v.each do |key, value| -%> + <%= key %> <%= value %> +<%- end -%> +<%- end -%> diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index dda821002..86c904204 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -1,9 +1,9 @@ # File is managed by Puppet -<%- scope.lookupvar('ssh::server::default_options').each do |k, v| -%> -<%= k %> <%= v %> +<%- scope.lookupvar('ssh::server::merged_options').each do |k, v| -%> +<%- if v.is_a(Hash) -%> +<%= k %> +<%- v.each do |key, value| -%> + <%= key %> <%= value %> <%- end -%> - -<%- scope.lookupvar('ssh::server::options').each do |k, v| -%> -<%= k %> <%= v %> <%- end -%> From 23a20d3037c575e4d2abee07080c6547709bf2ff Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 23:29:30 +0100 Subject: [PATCH 05/14] fix ssh* templates --- templates/ssh_config.erb | 1 + templates/sshd_config.erb | 1 + 2 files changed, 2 insertions(+) diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index 78be4aa06..558822ee9 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -7,3 +7,4 @@ <%= key %> <%= value %> <%- end -%> <%- end -%> +<%- end -%> diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 86c904204..cc0239acc 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -7,3 +7,4 @@ <%= key %> <%= value %> <%- end -%> <%- end -%> +<%- end -%> From afc32e516a639c623b9c2be9cba9a7bf0c094849 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 23:31:55 +0100 Subject: [PATCH 06/14] fix is_a condition --- templates/ssh_config.erb | 2 +- templates/sshd_config.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index 558822ee9..030d76107 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -1,7 +1,7 @@ # File managed by Puppet <%- scope.lookupvar('ssh::client::merged_options').each do |k, v| -%> -<%- if v.is_a(Hash) -%> +<%- if v.is_a?(Hash) -%> <%= k %> <%- v.each do |key, value| -%> <%= key %> <%= value %> diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index cc0239acc..95581d2b5 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -1,7 +1,7 @@ # File is managed by Puppet <%- scope.lookupvar('ssh::server::merged_options').each do |k, v| -%> -<%- if v.is_a(Hash) -%> +<%- if v.is_a?(Hash) -%> <%= k %> <%- v.each do |key, value| -%> <%= key %> <%= value %> From 42030ee8aabc0fcceee4888171e1ae696ce04995 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 23:36:41 +0100 Subject: [PATCH 07/14] add default case, if no hash is given --- templates/ssh_config.erb | 2 ++ templates/sshd_config.erb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index 030d76107..142681914 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -6,5 +6,7 @@ <%- v.each do |key, value| -%> <%= key %> <%= value %> <%- end -%> +<%- else -%> +<%= k %> <%= v %> <%- end -%> <%- end -%> diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 95581d2b5..d93ec4221 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -6,5 +6,7 @@ <%- v.each do |key, value| -%> <%= key %> <%= value %> <%- end -%> +<%- else -%> +<%= k %> <%= v %> <%- end -%> <%- end -%> From 13e5b222ffcae521dbe878294646ace04162641a Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Mon, 24 Feb 2014 23:46:10 +0100 Subject: [PATCH 08/14] update README, add ssh options --- README.markdown | 24 +++++++++++++++++++++++- manifests/init.pp | 16 +++++++++------- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/README.markdown b/README.markdown index 73ee86acd..4970e1b68 100644 --- a/README.markdown +++ b/README.markdown @@ -23,6 +23,28 @@ Host keys will be collected and distributed include ssh ``` +### Changing options + +``` + class { 'ssh': + server_options => { + 'Match User www-data' => { + 'ChrootDirectory' => '%h', + 'ForceCommand' => 'internal-sftp', + 'PasswordAuthentication' => 'yes', + 'AllowTcpForwarding' => 'no', + 'X11Forwarding' => 'no', + }, + }, + client_options => { + 'Host *.amazonaws.com' => { + 'User' => 'ec2-user', + }, + }, + } +``` + # Requirements -Requires Exported resources and augeas in order to work +* Exported resources for host keys management +* puppetlabs/stdlib diff --git a/manifests/init.pp b/manifests/init.pp index 2db8a6aea..6d2cedbde 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,10 +1,12 @@ class ssh ( - $disable_user_known_hosts = true, - $sshd_default_options = $ssh::params::sshd_default_options, - $sshd_options = {}, - $ssh_default_options = $ssh::params::ssh_default_options, - $ssh_options = {} + $server_options = {}, + $client_options = {} ) inherits ssh::params { - include ssh::server - include ssh::client + class { 'ssh::server': + options => $server_options, + } + + class { 'ssh::client': + options => $client_options, + } } From 568945bcc4253342affd649d670b74136b5aacf4 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Tue, 25 Feb 2014 00:55:43 +0100 Subject: [PATCH 09/14] Update README --- README.markdown | 67 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 50 insertions(+), 17 deletions(-) diff --git a/README.markdown b/README.markdown index 4970e1b68..47e395c0a 100644 --- a/README.markdown +++ b/README.markdown @@ -2,29 +2,22 @@ Manage SSH client and server via Puppet -## Client only -Collected host keys from servers will be written to known_hosts - -``` - include ssh::client -``` +### Gittip +[![Support via Gittip](https://rawgithub.com/twolfson/gittip-badge/0.2.0/dist/gittip.png)](https://www.gittip.com/saz/) -## Server only -Host keys will be collected for client distribution +## Requirements +* Exported resources for host keys management +* puppetlabs/stdlib -``` - include ssh::server -``` +## Usage -## Both client and server +### Both client and server Host keys will be collected and distributed ``` include ssh ``` -### Changing options - ``` class { 'ssh': server_options => { @@ -44,7 +37,47 @@ Host keys will be collected and distributed } ``` -# Requirements -* Exported resources for host keys management -* puppetlabs/stdlib +### Client only +Collected host keys from servers will be written to known_hosts +``` + include ssh::client +``` + +``` + class { 'ssh::client': + options => { + 'Host short' => { + 'User' => 'my-user', + 'HostName' => 'extreme.long.and.complicated.hostname.domain.tld', + }, + 'Host *' => { + 'User' => 'andromeda', + 'UserKnownHostsFile' => '/dev/null', + }, + }, + } +``` + +### Server only +Host keys will be collected for client distribution + +``` + include ssh::server +``` + +``` + class { 'ssh::server': + options => { + 'Match User www-data' => { + 'ChrootDirectory' => '%h', + 'ForceCommand' => 'internal-sftp', + 'PasswordAuthentication' => 'yes', + 'AllowTcpForwarding' => 'no', + 'X11Forwarding' => 'no', + }, + 'PasswordAuthentication' => 'no', + 'PermitRootLogin' => 'no', + }, + } +``` From 1f87ad63c37c7a765bab6514379e5a76f278d76a Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Tue, 25 Feb 2014 00:57:29 +0100 Subject: [PATCH 10/14] Update README --- README.markdown | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.markdown b/README.markdown index 47e395c0a..142a2d918 100644 --- a/README.markdown +++ b/README.markdown @@ -18,6 +18,8 @@ Host keys will be collected and distributed include ssh ``` +or + ``` class { 'ssh': server_options => { @@ -44,6 +46,8 @@ Collected host keys from servers will be written to known_hosts include ssh::client ``` +or + ``` class { 'ssh::client': options => { @@ -66,6 +70,8 @@ Host keys will be collected for client distribution include ssh::server ``` +or + ``` class { 'ssh::server': options => { From dd888e3c14f57d36ea87526e852a674d949579de Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Tue, 25 Feb 2014 19:41:23 +0100 Subject: [PATCH 11/14] support multiple values for one key --- templates/ssh_config.erb | 12 ++++++++++++ templates/sshd_config.erb | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/templates/ssh_config.erb b/templates/ssh_config.erb index 142681914..cf4703bc0 100644 --- a/templates/ssh_config.erb +++ b/templates/ssh_config.erb @@ -4,9 +4,21 @@ <%- if v.is_a?(Hash) -%> <%= k %> <%- v.each do |key, value| -%> + <%- if value.is_a?(Array) -%> + <%- value.each do |a| -%> + <%= key %> <%= a %> + <%- end -%> + <%- else -%> <%= key %> <%= value %> + <%- end -%> +<%- end -%> +<%- else -%> +<%- if v.is_a?(Array) -%> +<%- v.each do |a| -%> +<%= k %> <%= a %> <%- end -%> <%- else -%> <%= k %> <%= v %> <%- end -%> <%- end -%> +<%- end -%> diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index d93ec4221..1fcd20944 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -4,9 +4,21 @@ <%- if v.is_a?(Hash) -%> <%= k %> <%- v.each do |key, value| -%> + <%- if value.is_a?(Array) -%> + <%- value.each do |a| -%> + <%= key %> <%= a %> + <%- end -%> + <%- else -%> <%= key %> <%= value %> + <%- end -%> +<%- end -%> +<%- else -%> +<%- if v.is_a?(Array) -%> +<%- v.each do |a| -%> +<%= k %> <%= a %> <%- end -%> <%- else -%> <%= k %> <%= v %> <%- end -%> <%- end -%> +<%- end -%> From 95a78df22dc9102994fa53e1a4e6db2839c0ad7c Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Tue, 25 Feb 2014 19:41:31 +0100 Subject: [PATCH 12/14] improve README --- README.markdown | 62 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/README.markdown b/README.markdown index 142a2d918..7cf755dbf 100644 --- a/README.markdown +++ b/README.markdown @@ -11,6 +11,12 @@ Manage SSH client and server via Puppet ## Usage +Since version 3.0.0 only non-default values are written to both, +client and server, configuration files. + +Multiple occurances of one config key (e.g. sshd should be listening on +port 22 and 2222) should be passed as a list. + ### Both client and server Host keys will be collected and distributed @@ -30,6 +36,7 @@ or 'AllowTcpForwarding' => 'no', 'X11Forwarding' => 'no', }, + Port => [22, 2222, 2288], }, client_options => { 'Host *.amazonaws.com' => { @@ -83,7 +90,60 @@ or 'X11Forwarding' => 'no', }, 'PasswordAuthentication' => 'no', - 'PermitRootLogin' => 'no', + 'PermitRootLogin' => 'no', + 'Port' => [22, 2222], + }, + } +``` + +## Default options + +### Client + +``` + 'Host *' => { + 'SendEnv' => 'LANG LC_*', + 'HashKnownHosts' => 'yes', + 'GSSAPIAuthentication' => 'yes', + } +``` + +### Server + +``` + 'ChallengeResponseAuthentication' => 'no', + 'X11Forwarding' => 'yes', + 'PrintMotd' => 'no', + 'AcceptEnv' => 'LANG LC_*', + 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server', + 'UsePAM' => 'yes', +``` + +## Overwriting default options +Default options will be merged with options passed in. +If an option is set both as default and via options parameter, the latter will +will win. + +The following example will disable X11Forwarding, which is enabled by default: + +``` + class { 'ssh::server': + options => { + 'X11Forwarding' => 'no', }, } ``` + +Which will lead to the following sshd_config file: + +``` +# File is managed by Puppet + +ChallengeResponseAuthentication no +X11Forwarding no +PrintMotd no +AcceptEnv LANG LC_* +Subsystem sftp /usr/lib/openssh/sftp-server +UsePAM yes +PasswordAuthentication no +``` From 64a2ceb4b9d9e6da34346d75999fc4c72114cd2d Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Tue, 25 Feb 2014 19:47:27 +0100 Subject: [PATCH 13/14] fix README --- README.markdown | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.markdown b/README.markdown index 7cf755dbf..d9ebd7db5 100644 --- a/README.markdown +++ b/README.markdown @@ -11,11 +11,19 @@ Manage SSH client and server via Puppet ## Usage -Since version 3.0.0 only non-default values are written to both, +Since version 2.0.0 only non-default values are written to both, client and server, configuration files. Multiple occurances of one config key (e.g. sshd should be listening on -port 22 and 2222) should be passed as a list. +port 22 and 2222) should be passed as an array. + +``` + options => { + Port => [22, 2222], + } +``` + +This is working for both, client and server ### Both client and server Host keys will be collected and distributed From a249e85804cc04cba5901a8114db4ca97a385ad0 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Tue, 25 Feb 2014 19:47:39 +0100 Subject: [PATCH 14/14] update to new version 2.0.0 --- Modulefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modulefile b/Modulefile index b13e06770..9268adbf7 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'saz-ssh' -version '1.4.0' +version '2.0.0' source 'git://github.com/saz/puppet-ssh.git' author 'saz' license 'Apache License, Version 2.0'