This module configures both the client and server sides of SSH


The global portion of the configuration is in the 'ssh' class, which is included at the top level. This:

  • puts known hosts into the global file
  • adds global ssh configuration (currently empty)
  • starts sshd
  • adds global sshd configuration

Note that all known hosts are added to the global file. There's no good reason to *not* add known hosts to this list, or to only add some hosts on some systems.


This define sets up SSH configuration for a specific user (the namevar). Options:

Home directory to install into, if not the obvious /home/username or /Users/username.
Group name for this user, if not the same as the username.
Additional configuration to add to .ssh/config. This can be generated from a template if necessary.
A list of key names that should be authorized for this account. The relevant keys will be looked up in the hash in modules/ssh/manifests/keys.pp.

This class is included by the users::* classes.