package "openssh-client"
package "openssh-server"
+template "/etc/ssh/sshd_config.d/chef.conf" do
+ source "sshd_config.conf.erb"
+ owner "root"
+ group "root"
+ mode "644"
+ notifies :restart, "service[ssh]"
+ only_if { Dir.exist?("/etc/ssh/sshd_config.d") }
+end
+
service "ssh" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => true
end
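Review bot: The new `template "/etc/ssh/sshd_config.d/chef.conf"` resource notifies `:restart` on `service[ssh]` without validating the rendered file first, so a template or attribute mistake can leave sshd unable to start and the host unreachable over SSH. A `verify` property on the template, something like `verify "sshd -t -f %{path}"`, would make chef refuse to install a file that sshd rejects. The `only_if { Dir.exist?("/etc/ssh/sshd_config.d") }` guard also skips hosts silently, and the directory existing does not prove that the main sshd_config includes it. Those hosts would run without the managed settings and nothing would report it, so a logged warning or a check for the `Include` line would make them visible. Since `service "ssh"` declares `:reload => true`, `notifies :reload` may be enough and is less disruptive, if every directive in the template takes effect on reload.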
keys = {
- "ssh-rsa" => node[:keys][:ssh][:host_rsa_public],
- "ssh-dss" => node[:keys][:ssh][:host_dsa_public]
+ "ssh-rsa" => node[:keys][:ssh][:host_rsa_public]
}
if node[:keys][:ssh][:host_ecdsa_public]
]
end
-template "/etc/ssh/ssh_config" do
- source "ssh_config.erb"
- mode 0o644
- owner "root"
- group "root"
-end
-
template "/etc/ssh/ssh_known_hosts" do
source "ssh_known_hosts.erb"
- mode 0o444
+ mode "444"
owner "root"
group "root"
backup false
firewall_rule "accept-ssh" do
action :accept
- source "net"
- dest "fw"
- proto "tcp:syn"
+ context :incoming
+ protocol :tcp
dest_ports node[:openssh][:port]
end
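Review bot: The rewritten `accept-ssh` rule accepts TCP to `node[:openssh][:port]` from every incoming source, and the old `proto "tcp:syn"` match becomes plain `protocol :tcp`. Whether the resource still restricts the match to new connections is not visible here, so that is worth confirming in the `firewall_rule` implementation. If the resource offers a source restriction or a rate limit, SSH is the rule that benefits most from it. Otherwise a comment such as `# SSH is intentionally open to all incoming sources; brute-force protection: <mechanism>` would record the decision for the next reviewer.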