# of variables, which you might consider to configure.
# Checkout the following:
#
+# sshd_listen_address: specify the addresses sshd should listen on
+# set this to "10.0.0.1 192.168.0.1" to have it listen on both
+# addresses, or leave it unset to listen on all
+# Default: empty -> results in listening on 0.0.0.0
+#
# sshd_allowed_users: list of usernames separated by spaces.
# set this for example to "foobar root"
# to ensure that only user foobar and root
class sshd::base {
- # prepare variables to use in templates
+ # prepare variables to use in templates
+ $real_sshd_listen_address = $sshd_sshd_listen_address ? {
+ '' => '',
+ default => $sshd_sshd_listen_address
+ }
$real_sshd_allowed_users = $sshd_allowed_users ? {
'' => '',
default => $sshd_allowed_users
Port 22
<%- end %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
+#AddressFamily any
#Protocol 2,1
Protocol 2
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
-
<%- unless real_sshd_port.to_s.empty? then %>
Port <%= real_sshd_port -%>
<%- else -%>
<%- end -%>
# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
Port 22
<%- end %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
Port 22
<%- end %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+<% for address in real_sshd_listen_address -%>
+ListenAddress <%= address %>
+<% end -%>
#Protocol 2,1
#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
projects / puppet-sshd.git / commitdiff