In v4 of this module all the configuration file related parameters have been renamed to follow a simple naming scheme. In SSH configuration files CamelCase is used to name the parameters. Puppet does not support CamelCase, instead these names have been transfered to all lowercase names with underscores whenever a new word starts.
Please also take notice that all SSH server related actions and configurations have been moved to
the ssh::server class. Therefore client related configuration paramaters now use the ssh::
prefix
while server related configuration paramaters now uses the ssh::server::
prefix as namespace
(eg: ssh::send_env
vs ssh::server::accept_env
).
To make your life a little bit easier while upgrading from v3 to v4 of this module here is a list with the names that are used by OpenSSH and the names used in v3 and v4 of this module.
Client configuration file related parameters:
ssh_config name | v3 name | v4 name |
---|---|---|
AddKeysToAgent | add_keys_to_agent | |
AddressFamily | address_family | |
BatchMode | batch_mode | |
BindAddress | bind_address | |
BindInterface | bind_interface | |
CanonicalDomains | canonical_domains | |
CanonicalizeFallbackLocal | canonicalize_fallback_local | |
CanonicalizeHostname | canonicalize_hostname | |
CanonicalizeMaxDots | canonicalize_max_dots | |
CanonicalizePermittedCNAMEs | canonicalize_permitted_cnames | |
CASignatureAlgorithms | ca_signature_algorithms | |
CertificateFile | certificate_file | |
CheckHostIP | check_host_ip | |
Ciphers | ssh_config_ciphers | ciphers |
ClearAllForwardings | clear_all_forwardings | |
Compression | compression | |
ConnectionAttempts | connection_attempts | |
ConnectTimeout | connect_timeout | |
ControlMaster | control_master | |
ControlPath | control_path | |
ControlPersist | control_persist | |
DynamicForward | dynamic_forward | |
EnableSSHKeysign | ssh_enable_ssh_keysign | enable_ssh_keysign |
EscapeChar | escape_char | |
ExitOnForwardFailure | exit_on_forward_failure | |
FingerprintHash | fingerprint_hash | |
ForkAfterAuthentication | fork_after_authentication | |
ForwardAgent | ssh_config_forward_agent | forward_agent |
ForwardX11 | ssh_config_forward_x11 | forward_x11 |
ForwardX11Timeout | forward_x11_timeout | |
ForwardX11Trusted | ssh_config_forward_x11_trusted | forward_x11_trusted |
GatewayPorts | gateway_ports | |
GlobalKnownHostsFile | ssh_config_global_known_hosts_list | global_known_hosts_file |
GSSAPIAuthentication | ssh_gssapiauthentication | gss_api_authentication |
GSSAPIDelegateCredentials | ssh_gssapidelegatecredentials | gss_api_delegate_credentials |
HashKnownHosts | ssh_config_hash_known_hosts | hash_known_hosts |
Host | host | |
HostbasedAcceptedAlgorithms | hostbased_accepted_algorithms | |
HostbasedAuthentication | ssh_hostbasedauthentication | hostbased_authentication |
HostKeyAlgorithms | host_key_algorithms | |
HostKeyAlias | host_key_alias | |
Hostname | hostname | |
IdentitiesOnly | identities_only | |
IdentityAgent | identity_agent | |
IdentityFile | identity_file | |
IgnoreUnknown | ignore_unknown | |
Include | ssh_config_include | include |
IPQoS | ip_qos | |
KbdInteractiveAuthentication | kbd_interactive_authentication | |
KbdInteractiveDevices | kbd_interactive_devices | |
KexAlgorithms | ssh_config_kexalgorithms | kex_algorithms |
KnownHostsCommand | kown_hosts_command | |
LocalCommand | local_command | |
LocalForward | local_forward | |
LogLevel | log_level | |
LogVerbose | log_verbose | |
MACs | ssh_config_macs | macs |
NoHostAuthenticationForLocalhost | no_host_authentication_for_localhost | |
NumberOfPasswordPrompts | number_of_password_prompts | |
PasswordAuthentication | password_authentication | |
PermitLocalCommand | permit_local_command | |
PermitRemoteOpen | permit_remote_open | |
PKCS11Provider | pkcs11_provider | |
Port | port | |
PreferredAuthentications | preferred_authentications | |
ProxyCommand | ssh_config_proxy_command | proxy_command |
ProxyJump | proxy_jump | |
ProxyUseFdpass | proxy_use_fdpass | |
PubkeyAcceptedAlgorithms | pubkey_accepted_algorithms | |
PubkeyAuthentication | pubkey_authentication | |
RekeyLimit | rekey_limit | |
RemoteCommand | remote_command | |
RemoteForward | remote_forward | |
RequestTTY | request_tty | |
RevokedHostKeys | revoked_host_keys | |
SecurityKeyProvider | security_key_provider | |
SendEnv | ssh_sendenv | send_env |
ServerAliveCountMax | server_alive_count_max | |
ServerAliveInterval | ssh_config_server_alive_interval | server_alive_interval |
SessionType | session_type | |
SetEnv | set_env | |
StdinNull | stdin_null | |
StreamLocalBindMask | stream_local_bind_mask | |
StreamLocalBindUnlink | stream_local_bind_unlink | |
StrictHostKeyChecking | ssh_strict_host_key_checking | strict_host_key_checking |
SyslogFacility | syslog_facility | |
TCPKeepAlive | tcp_keep_alive | |
Tunnel | tunnel | |
TunnelDevice | tunnel_device | |
UpdateHostKeys | update_host_keys | |
User | user | |
UserKnownHostsFile | ssh_config_user_known_hosts_file | user_known_hosts_file |
VerifyHostKeyDNS | verify_host_key_dns | |
VisualHostKey | visual_host_key | |
XAuthLocation | xauth_location | |
removed | ||
Protocol | use $custom instead | |
UseRoaming | ssh_config_use_roaming | use $custom instead |
Server configuration file related parameters:
sshd_config name | v3 name | v4 name |
---|---|---|
AcceptEnv | sshd_acceptenv | accept_env |
AddressFamily | sshd_addressfamily | address_family |
AllowAgentForwarding | sshd_config_allowagentforwarding | allow_agent_forwarding |
AllowGroups | sshd_config_allowgroups | allow_groups |
AllowStreamLocalForwarding | allow_stream_local_forwarding | |
AllowTcpForwarding | sshd_allow_tcp_forwarding | allow_tcp_forwarding |
AllowUsers | sshd_config_allowusers | allow_users |
AuthenticationMethods | sshd_config_authenticationmethods | authentication_methods |
AuthorizedKeysCommand | sshd_authorized_keys_command | authorized_keys_command |
AuthorizedKeysCommandUser | sshd_authorized_keys_command_user | authorized_keys_command_user |
AuthorizedKeysFile | sshd_config_authkey_location | authorized_keys_file |
AuthorizedPrincipalsCommand | authorized_principals_command | |
AuthorizedPrincipalsCommandUser | authorized_principals_command_user | |
AuthorizedPrincipalsFile | sshd_config_authorized_principals_file | authorized_principals_file |
Banner | sshd_config_banner | banner |
CASignatureAlgorithms | ca_signature_algorithms | |
ChallengeResponseAuthentication | sshd_config_challenge_resp_auth | kbd_interactive_authentication |
ChrootDirectory | sshd_config_chrootdirectory | chroot_directory |
Ciphers | sshd_config_ciphers | ciphers |
ClientAliveCountMax | sshd_client_alive_count_max | client_alive_count_max |
ClientAliveInterval | sshd_client_alive_interval | client_alive_interval |
Compression | sshd_config_compression | compression |
DenyGroups | sshd_config_denygroups | deny_groups |
DenyUsers | sshd_config_denyusers | deny_users |
DisableForwarding | disable_forwarding | |
ExposeAuthInfo | expose_auth_info | |
FingerprintHash | fingerprint_hash | |
ForceCommand | sshd_config_forcecommand | force_command |
GatewayPorts | gateway_ports | |
GSSAPIAuthentication | sshd_gssapiauthentication | gss_api_authentication |
GSSAPICleanupCredentials | sshd_gssapicleanupcredentials | gss_api_cleanup_credentials |
GSSAPIStrictAcceptorCheck | gss_api_strict_acceptor_check | |
HostbasedAcceptedAlgorithms | hostbased_accepted_algorithms | |
HostbasedAuthentication | sshd_hostbasedauthentication | hostbased_authentication |
HostbasedUsesNameFromPacketOnly | hostbased_uses_name_from_packet_only | |
HostCertificate | sshd_config_hostcertificate | host_certificate |
HostKey | sshd_config_hostkey | host_key |
HostKeyAgent | host_key_agent | |
HostKeyAlgorithms | host_key_algorithms | |
IgnoreRhosts | sshd_ignorerhosts | ignore_rhosts |
IgnoreUserKnownHosts | sshd_ignoreuserknownhosts | ignore_user_known_hosts |
Include | sshd_config_include | include |
IPQoS | ip_qos | |
KbdInteractiveAuthentication | kbd_interactive_authentication | |
KerberosAuthentication | sshd_kerberos_authentication | kerberos_authentication |
KerberosGetAFSToken | kerberos_get_afs_token | |
KerberosOrLocalPasswd | kerberos_or_local_passwd | |
KerberosTicketCleanup | kerberos_ticket_cleanup | |
KexAlgorithms | sshd_config_kexalgorithms | kex_algorithms |
ListenAddress | sshd_listen_address | listen_address |
LoginGraceTime | sshd_config_login_grace_time | login_grace_time |
LogLevel | sshd_config_loglevel | log_level |
LogVerbose | log_verbose | |
MACs | sshd_config_macs | macs |
MaxAuthTries | sshd_config_maxauthtries | max_auth_tries |
MaxSessions | sshd_config_maxsessions | max_sessions |
MaxStartups | sshd_config_maxstartups | max_startups |
ModuliFile | moduli_file | |
PasswordAuthentication | sshd_password_authentication | password_authentication |
PermitEmptyPasswords | sshd_config_permitemptypasswords | permit_empty_passwords |
PermitListen | permit_listen | |
PermitOpen | permit_open | |
PermitRootLogin | permit_root_login | permit_root_login |
PermitTTY | permit_tty | |
PermitTunnel | sshd_config_permittunnel | permit_tunnel |
PermitUserEnvironment | sshd_config_permituserenvironment | permit_user_environment |
PermitUserRC | permit_user_rc | |
PerSourceMaxStartups | per_source_max_startups | |
PerSourceNetBlockSize | per_source_net_block_size | |
PidFile | pid_file | |
Port | sshd_config_port | port |
PrintLastLog | sshd_config_print_last_log | print_last_log |
PrintMotd | sshd_config_print_motd | print_motd |
PubkeyAcceptedAlgorithms | sshd_pubkeyacceptedkeytypes | pubkey_accepted_algorithms |
PubkeyAuthentication | sshd_pubkeyauthentication | pubkey_authentication |
PubkeyAuthOptions | pubkey_auth_options | |
RekeyLimit | rekey_limit | |
RevokedKeys | sshd_config_key_revocation_list | revoked_keys |
RDomain | rdomain | |
SecurityKeyProvider | security_key_provider | |
SetEnv | set_env | |
StreamLocalBindMask | stream_local_bind_mask | |
StreamLocalBindUnlink | stream_local_bind_unlink | |
StrictModes | sshd_config_strictmodes | strict_modes |
Subsystem sftp | sshd_config_subsystem_sftp | subsystem (in v3 'sftp' was included) |
SyslogFacility | sshd_config_syslog_facility | syslog_facility |
TCPKeepAlive | sshd_config_tcp_keepalive | tcp_keep_alive |
TrustedUserCAKeys | sshd_config_trustedusercakeys | trusted_user_ca_keys |
UseDNS | sshd_config_use_dns | use_dns |
UsePAM | sshd_use_pam | use_pam |
VersionAddendum | version_addendum | |
X11DisplayOffset | x11_display_offset | |
X11Forwarding | sshd_x11_forwarding | x11_forwarding |
X11UseLocalhost | sshd_x11_use_localhost | x11_use_localhost |
XAuthLocation | sshd_config_xauth_location | xauth_location |
removed | ||
Match | sshd_config_match | use $custom instead |
UsePrivilegeSeparation | sshd_config_use_privilege_separation | use $custom instead |
GSSAPIKeyExchange | sshd_gssapikeyexchange | use $custom instead |
PAMAuthenticationViaKBDInt | sshd_pamauthenticationviakbdint | use $custom instead |
ServerKeyBits | sshd_config_serverkeybits | use $custom instead |