Safe Haskell | None |
---|---|
Language | Haskell98 |
- type PubKeyText = String
- sshdConfig :: FilePath
- type ConfigKeyword = String
- setSshdConfigBool :: ConfigKeyword -> Bool -> Property NoInfo
- setSshdConfig :: ConfigKeyword -> String -> Property NoInfo
- data RootLogin
- permitRootLogin :: RootLogin -> Property NoInfo
- passwordAuthentication :: Bool -> Property NoInfo
- noPasswords :: Property NoInfo
- hasAuthorizedKeys :: User -> IO Bool
- authorizedKey :: User -> String -> Property NoInfo
- restarted :: Property NoInfo
- randomHostKeys :: Property NoInfo
- hostKeys :: IsContext c => c -> [(SshKeyType, PubKeyText)] -> Property HasInfo
- hostKey :: IsContext c => c -> SshKeyType -> PubKeyText -> Property HasInfo
- pubKey :: SshKeyType -> PubKeyText -> Property HasInfo
- getPubKey :: Propellor (Map SshKeyType String)
- keyImported :: IsContext c => SshKeyType -> User -> c -> Property HasInfo
- keyImported' :: IsContext c => Maybe FilePath -> SshKeyType -> User -> c -> Property HasInfo
- knownHost :: [Host] -> HostName -> User -> Property NoInfo
- authorizedKeys :: IsContext c => User -> c -> Property HasInfo
- listenPort :: Int -> RevertableProperty
Documentation
type PubKeyText = String Source
type ConfigKeyword = String Source
setSshdConfigBool :: ConfigKeyword -> Bool -> Property NoInfo Source
setSshdConfig :: ConfigKeyword -> String -> Property NoInfo Source
RootLogin Bool | allow or prevent root login |
WithoutPassword | disable password authentication for root, while allowing other authentication methods |
ForcedCommandsOnly | allow root login with public-key authentication, but only if a forced command has been specified for the public key |
noPasswords :: Property NoInfo Source
Configure ssh to not allow password logins.
To prevent lock-out, this is done only once root's authorized_keys is in place.
hasAuthorizedKeys :: User -> IO Bool Source
authorizedKey :: User -> String -> Property NoInfo Source
Ensures that a user's authorized_keys contains a line. Any other lines in the file are preserved as-is.
randomHostKeys :: Property NoInfo Source
Blows away existing host keys and makes new ones. Useful for systems installed from an image that might reuse host keys, because a host key shared by several systems cannot authenticate any one of them. A flag file is used to only ever do this once.
hostKeys :: IsContext c => c -> [(SshKeyType, PubKeyText)] -> Property HasInfo Source
Installs the specified list of ssh host keys.
The corresponding private keys come from the privdata.
Any host keys that are not in the list are removed from the host.
hostKey :: IsContext c => c -> SshKeyType -> PubKeyText -> Property HasInfo Source
Installs a single ssh host key of a particular type.
The public key is provided to this function; the private key comes from the privdata.
pubKey :: SshKeyType -> PubKeyText -> Property HasInfo Source
Indicates the host key that is used by a Host, but does not actually configure the host to use it. Normally this does not need to be used; use hostKey instead.
keyImported :: IsContext c => SshKeyType -> User -> c -> Property HasInfo Source
Sets up a user with an ssh private key and public key pair from the PrivData.
If the user already has a private/public key, it is left unchanged.
keyImported' :: IsContext c => Maybe FilePath -> SshKeyType -> User -> c -> Property HasInfo Source
A file can be specified to write the key to somewhere other than the usual location. This allows a user to have multiple keys for different roles.
authorizedKeys :: IsContext c => User -> c -> Property HasInfo Source
Makes a user have authorized_keys from the PrivData.
This removes any other lines from the file.
listenPort :: Int -> RevertableProperty Source
Makes the ssh server listen on a given port, in addition to any other ports it is configured to listen on.
Revert to prevent it listening on a particular port.