To keep the SSH configuration file secure and ensure that its permissions are not changed, it can be managed centrally through Puppet.
1. Create the directories for the SSH module:

    ssh# pwd
    /etc/puppet/modules/ssh
    ssh# ll
    total 12
    drwxr-xr-x 2 root root 4096 Nov  9 10:42 files
    drwxr-xr-x 2 root root 4096 Dec 18:15 manifests
    drwxr-xr-x 2 root root 4096 Dec 18:15 templates

2. Define the SSH module's top-level class:

    manifests# vim init.pp
    # Entry point of the module: pulls in the four sub-classes.
    class ssh {
      include ssh::params, ssh::install, ssh::config, ssh::service
    }

3. Create the manifest that installs the SSH package:

    manifests# cat install.pp
    # Installs the package whose name is chosen in ssh::params.
    class ssh::install {
      package { $ssh::params::ssh_package_name:
        ensure        => present,
        allow_virtual => true,
      }
    }

4. Create the parameters file, which sets the appropriate variables depending on the operating system:

    manifests# cat params.pp
    # Per-OS package name, configuration path and service name.
    class ssh::params {
      case $::operatingsystem {
        # Quoted so that it is compared as a string on every Puppet version.
        'Solaris': {
          $ssh_package_name   = 'openssh'
          $ssh_service_config = '/etc/ssh/sshd_config'
          $ssh_service_name   = 'sshd'
        }
        /^(Ubuntu|Debian)$/: {
          $ssh_package_name   = 'openssh-server'
          $ssh_service_config = '/etc/ssh/sshd_config'
          $ssh_service_name   = 'sshd'
        }
        default: {
          $ssh_package_name   = 'openssh-server'
          $ssh_service_config = '/etc/ssh/sshd_config'
          $ssh_service_name   = 'sshd'
        }
      }
    }

5. Create the manifest that manages the SSH configuration file:

    manifests# cat config.pp
    # Renders sshd_config from the module template and pins its owner,
    # group and mode; any content change refreshes the service class.
    class ssh::config {
      file { $ssh::params::ssh_service_config:
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        ensure  => present,
        content => template('ssh/sshd_config.erb'),
        require => Class['ssh::install'],
        notify  => Class['ssh::service'],
      }
    }

6. Create the manifest that manages the SSH service:

    manifests# cat service.pp
    # Keeps the service running and enabled at boot.
    class ssh::service {
      service { $ssh::params::ssh_service_name:
        ensure     => running,
        hasstatus  => true,
        hasrestart => true,
        enable     => true,
        require    => Class['ssh::config'],
      }
    }

7. Test on the client:

    ~# puppet agent --test
    info: Retrieving pluginfacts
    info: Retrieving plugin
    info: Caching catalog for agent.domain.com
    info: Applying configuration version '1418724923'
    notice: Finished catalog run in 0.43 seconds
    ~# puppet agent --test
    info: Retrieving pluginfacts
    info: Retrieving plugin
    info: Caching catalog for agent.domain.com
    info: Applying configuration version '1418724963'
    notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content:
    --- /etc/ssh/sshd_config 2014-12-16 17:54:57.925899311 +0800
    +++ /tmp/puppet-file20141216-29636-1fidan3-0 2014-12-16 18:16:06.120181312 +0800
    @@ -145,3 +145,4 @@
     ####################################
     HostKey /etc/ssh/ssh_host_rsa_key
     HostKey /etc/ssh/ssh_host_dsa_key
    +#davehe
    info: Computing checksum on file /etc/ssh/sshd_config
    info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 2f42725b0c617b2ec7b9dd2db6c8fe61
    notice: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]/content: content changed '{md5}2f42725b0c617b2ec7b9dd2db6c8fe61' to '{md5}53141dd1bb8749a04a5fd2a2f05b2b2a'
    info: /Stage[main]/Ssh::Config/File[/etc/ssh/sshd_config]: Scheduling refresh of Class[Ssh::Service]
    info: Class[Ssh::Service]: Scheduling refresh of Service[sshd]
    notice: /Stage[main]/Ssh::Service/Service[sshd]: Triggered 'refresh' from 1 events
    notice: Finished catalog run in 0.73 seconds

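
A hardened variant of the config class from step 5, as an added example that is not part of the original article: Puppet checks the rendered file with sshd's test mode before replacing the live sshd_config, so a template error cannot stop the SSH service on the refresh seen in step 7. It assumes Puppet 3.5 or later (for `validate_cmd`) and that the sshd binary is at /usr/sbin/sshd, which may differ on other platforms.

```puppet
# Added example: config.pp with pre-deployment validation.
class ssh::config {
  file { $ssh::params::ssh_service_config:
    ensure       => present,
    owner        => 'root',
    group        => 'root',
    mode         => '0644',
    content      => template('ssh/sshd_config.erb'),
    # '%' is replaced with the path of the temporary file that holds the
    # newly rendered content. If the command exits non-zero, the live file
    # is left untouched, the resource fails, and the notify below does not
    # fire, so the running sshd keeps its last known-good configuration.
    validate_cmd => '/usr/sbin/sshd -t -f %',  # assumed sshd path
    require      => Class['ssh::install'],
    notify       => Class['ssh::service'],
  }
}
```

A failed validation shows up as an error on the file resource in the agent run and in the run report, which makes it a useful signal to alert on.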