-rw-r--r--puppet/modules/site_sshd/manifests/init.pp15
-rw-r--r--puppet/modules/site_sshd/manifests/known_hosts.pp11
-rw-r--r--puppet/modules/site_sshd/templates/ssh_config.erb23
-rw-r--r--puppet/modules/site_sshd/templates/ssh_known_hosts.erb6
4 files changed, 39 insertions, 16 deletions
diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp
index d2de41c8..d9bc1d51 100644
--- a/puppet/modules/site_sshd/manifests/init.pp
+++ b/puppet/modules/site_sshd/manifests/init.pp
@@ -13,11 +13,20 @@ class site_sshd {
}
##
- ## SETUP KNOWN HOSTS
+ ## SETUP KNOWN HOSTS and SSH_CONFIG
##
- class { 'site_sshd::known_hosts':
- hosts => $hosts
+ file {
+ '/etc/ssh/ssh_known_hosts':
+ owner => root,
+ group => root,
+ mode => '0644',
+ content => template('site_sshd/ssh_known_hosts.erb');
+ '/etc/ssh/ssh_config':
+ owner => root,
+ group => root,
+ mode => '0644',
+ content => template('site_sshd/ssh_config.erb');
}
##
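Review bot: Both new `file` resources use `group => root` where the removed manifest used `group => 0`, and neither declares `ensure`. If any managed node runs a platform where gid 0 has a different name (`wheel` on the BSDs), `group => root` would not resolve there; `group => 0` keeps the earlier behaviour. Adding `ensure => file,` to each resource states the intent explicitly. A short comment that `/etc/ssh/ssh_config` is now replaced wholesale, so distribution defaults and local edits are overwritten, would help the next reader.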
diff --git a/puppet/modules/site_sshd/manifests/known_hosts.pp b/puppet/modules/site_sshd/manifests/known_hosts.pp
deleted file mode 100644
index 290ffd0b..00000000
--- a/puppet/modules/site_sshd/manifests/known_hosts.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class site_sshd::known_hosts ($hosts) {
- # these owner and permissions seem odd to me, but it is what is defined
- # in modules/sshd/manifests/client/base.pp, so we are going to stick with it.
- file { '/etc/ssh/ssh_known_hosts':
- ensure => present,
- owner => root,
- group => 0,
- mode => '0644',
- content => template('site_sshd/ssh_known_hosts.erb');
- }
-}
diff --git a/puppet/modules/site_sshd/templates/ssh_config.erb b/puppet/modules/site_sshd/templates/ssh_config.erb
new file mode 100644
index 00000000..7e967413
--- /dev/null
+++ b/puppet/modules/site_sshd/templates/ssh_config.erb
@@ -0,0 +1,23 @@
+# This file is generated by Puppet
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+Host *
+ SendEnv LANG LC_*
+ HashKnownHosts yes
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials no
+<% if scope.lookupvar('::site_config::params::environment') == 'local' -%>
+ #
+ # Vagrant nodes should have strict host key checking
+ # turned off. The problem is that the host key for a vagrant
+ # node is specific to the particular instance of the vagrant
+ # node you have running locally. For this reason, we can't
+ # track the host keys, or your host key for vpn1 would conflict
+ # with my host key for vpn1.
+ #
+ StrictHostKeyChecking no
+<% end -%>
+
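Review bot: `StrictHostKeyChecking no` is emitted inside the `Host *` block, so on a node whose environment is 'local' it turns off host key verification for every outgoing ssh connection, not only those to other Vagrant nodes. If the local nodes share a naming pattern, the option could live in its own block placed before `Host *` (ssh uses the first value it finds), e.g. `Host <LOCAL_NODE_PATTERN>` (placeholder) followed by `StrictHostKeyChecking no`. Since Puppet already distributes `/etc/ssh/ssh_known_hosts`, the non-local case could also set `StrictHostKeyChecking yes` so an unknown host is refused instead of prompted for; whether that suits interactive use on these nodes is not visible from the hunk.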
diff --git a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
index c5a71378..002ab732 100644
--- a/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
+++ b/puppet/modules/site_sshd/templates/ssh_known_hosts.erb
@@ -1,5 +1,7 @@
# This file is generated by Puppet
-<% hosts.sort.each do |name, hash| -%>
-<%=name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% @hosts.sort.each do |name, hash| -%>
+<% if hash['host_pub_key'] -%>
+<%= name%>,<%=hash['domain_full']%>,<%=hash['domain_internal']%>,<%=hash['ip_address']%> <%=hash['host_pub_key']%>
+<% end -%>
<% end -%>
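Review bot: The new `if hash['host_pub_key']` guard still lets an empty-string key through, because only `nil` and `false` are falsy in Ruby, and that would write a known_hosts line with host names but no key. `<% unless hash['host_pub_key'].to_s.strip.empty? -%>` covers both the missing and the empty case. The output line also prints `domain_internal` and `ip_address` unconditionally, so a host lacking one of them would presumably leave an empty pattern between commas; building the name list with `[name, hash['domain_full'], hash['domain_internal'], hash['ip_address']].compact.join(',')` avoids that.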