Last active
December 30, 2016 21:43
-
-
Save peelman/078650a5cba087c1ec3f63925dd4811f to your computer and use it in GitHub Desktop.
Use puppet to generate ED25519 keys (for older systems or systems that didn't get them generated automatically)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if ($::operatingsystem == 'Ubuntu') { | |
| package { 'openssh-server' : | |
| ensure => latest, | |
| } | |
| service { 'ssh': | |
| ensure => 'running', | |
| enable => true, | |
| require => Package['openssh-server'], | |
| } | |
| $ssh_config_source = $::lsbdistcodename ? { | |
| 'precise' => 'puppet:///modules/standard_packages/ssh/sshd_config.precise', | |
| default => 'puppet:///modules/standard_packages/ssh/sshd_config', | |
| } | |
| file { 'sshdconfig': | |
| name => '/etc/ssh/sshd_config', | |
| owner => root, | |
| group => root, | |
| mode => '0644', | |
| source => $ssh_config_source, | |
| require => Package['openssh-server'], | |
| notify => Service['ssh'], | |
| } | |
| # Run ssh-keygen (ONLY if ed25519 key doesn't exist and we aren't on precise) | |
| unless ($::lsbdistcodename == 'precise') { | |
| exec { 'ED25519 ssh-keygen': | |
| command => "ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519", | |
| cwd => '/etc/ssh', | |
| user => 'root', | |
| creates => '/etc/ssh/ssh_host_ed25519_key', | |
| path => ['/usr/bin', '/usr/sbin/', '/usr/local/sbin'], | |
| require => Package['openssh-server'], | |
| notify => Service['ssh'], | |
| } | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment