profile::ssh_server
This profile configures sshd(8).
Parameters
| Name | Type | Default |
|---|---|---|
| enable_public_key | bool | hiera('ssh_server::enable_public_key', true) |
| enable_gssapi | bool | hiera('ssh_server::enable_gssapi') |
| permit_root_login | string | hiera('ssh_server::permit_root_login') |
| trusted_user_ca_keys | list | hiera('ssh_server::trusted_user_ca_keys', []) |
| user_ca_keys | hash | hiera('ssh_server::user_ca_keys', {}) |
| banner_file | string | hiera('ssh_server::banner_file', undef) |
| aliases | list | hiera_array('ssh_server::aliases', []) |
enable_public_key
A boolean determining whether public key authentication is enabled for normal users.
This setting does not apply to root: root is still allowed to connect using public
key authentication. To block root login, use ssh_server::permit_root_login; to restrict
from where root login is allowed, see the bastion host settings aaa::bastions and
aaa::use_bastions.
enable_gssapi
A boolean determining whether GSSAPI authentication is enabled or not.
permit_root_login
Sets PermitRootLogin in the sshd configuration file.
trusted_user_ca_keys
An array containing the user CA keys that will be accepted (as
understood by the TrustedUserCAKeys directive in sshd_config(5)).
user_ca_keys
A hash containing the actual keys to be referenced by trusted_user_ca_keys.
banner_file
Where to find a custom banner file on the system.
aliases
Adds alternative names (aliases) under which this system can also be reached to the principal list of the SSH server host key certificate.
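
The root exception described under enable_public_key can be checked against the effective configuration. The script below is an added example, not part of this profile: it compares `sshd -T` output evaluated for a normal user and for root. The sample dumps, the user name alice and the path /etc/ssh/user_ca.pub are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the profile. On a real host the dumps come from
#   sshd -T -C user=alice,host=localhost,addr=127.0.0.1   (alice: placeholder)
#   sshd -T -C user=root,host=localhost,addr=127.0.0.1
# Constructed sample dumps, trimmed to directives this profile manages.
SAMPLE_USER='pubkeyauthentication no
gssapiauthentication yes
permitrootlogin without-password
trustedusercakeys /etc/ssh/user_ca.pub'
SAMPLE_ROOT='pubkeyauthentication yes
gssapiauthentication yes
permitrootlogin without-password
trustedusercakeys /etc/ssh/user_ca.pub'

# get_opt DUMP KEY: print the value of KEY (sshd -T prints keys in lowercase).
get_opt() {
    printf '%s\n' "$1" |
        awk -v k="$2" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }'
}

# audit_root_login USER_DUMP ROOT_DUMP: print findings; return 1 if any.
audit_root_login() {
    user_pk=$(get_opt "$1" pubkeyauthentication)
    user_ca=$(get_opt "$1" trustedusercakeys)
    root_pk=$(get_opt "$2" pubkeyauthentication)
    root_login=$(get_opt "$2" permitrootlogin)
    rc=0
    if [ "$user_pk" = "no" ]; then
        # Keys are off for normal users; is root the exception?
        if [ "$root_pk" = "yes" ] && [ "$root_login" != "no" ]; then
            echo "root-pubkey-exception: root key login open (PermitRootLogin $root_login)"
            rc=1
        fi
        # User certificates are checked by the publickey method, so a
        # trusted CA has no effect for users who cannot use that method.
        if [ -n "$user_ca" ] && [ "$user_ca" != "none" ]; then
            echo "ca-unused: TrustedUserCAKeys $user_ca is set but PubkeyAuthentication is no"
            rc=1
        fi
    fi
    return "$rc"
}

audit_root_login "$SAMPLE_USER" "$SAMPLE_ROOT" || echo "findings reported"
```

A non-zero return from audit_root_login means the effective settings for root and for normal users diverge and should be reconciled with ssh_server::permit_root_login or the bastion restrictions.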