Safe Haskell | None |
---|---|
Language | Haskell98 |
- installed :: Property UnixLike
- restarted :: Property DebianLike
- type PubKeyText = String
- data SshKeyType
- = SshRsa
- | SshDsa
- | SshEcdsa
- | SshEd25519
- sshdConfig :: FilePath
- type ConfigKeyword = String
- setSshdConfigBool :: ConfigKeyword -> Bool -> Property DebianLike
- setSshdConfig :: ConfigKeyword -> String -> Property DebianLike
- data RootLogin
- permitRootLogin :: RootLogin -> Property DebianLike
- passwordAuthentication :: Bool -> Property DebianLike
- noPasswords :: Property DebianLike
- listenPort :: Port -> RevertableProperty DebianLike DebianLike
- randomHostKeys :: Property DebianLike
- hostKeys :: IsContext c => c -> [(SshKeyType, PubKeyText)] -> Property (HasInfo + DebianLike)
- hostKey :: IsContext c => c -> SshKeyType -> PubKeyText -> Property (HasInfo + DebianLike)
- hostPubKey :: SshKeyType -> PubKeyText -> Property (HasInfo + UnixLike)
- getHostPubKey :: Propellor (Map SshKeyType PubKeyText)
- userKeys :: IsContext c => User -> c -> [(SshKeyType, PubKeyText)] -> Property (HasInfo + UnixLike)
- userKeyAt :: IsContext c => Maybe FilePath -> User -> c -> (SshKeyType, PubKeyText) -> Property (HasInfo + UnixLike)
- knownHost :: [Host] -> HostName -> User -> Property UnixLike
- unknownHost :: [Host] -> HostName -> User -> Property UnixLike
- authorizedKeysFrom :: User -> (User, Host) -> Property UnixLike
- unauthorizedKeysFrom :: User -> (User, Host) -> Property UnixLike
- authorizedKeys :: IsContext c => User -> c -> Property (HasInfo + UnixLike)
- authorizedKey :: User -> String -> RevertableProperty UnixLike UnixLike
- hasAuthorizedKeys :: User -> IO Bool
- getUserPubKeys :: User -> Propellor [(SshKeyType, PubKeyText)]
Documentation
type PubKeyText = String Source
The text of a ssh public key, for example, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB3BJ2GqZiTR2LEoDXyYFgh/BduWefjdKXAsAtzS9zeI"
data SshKeyType Source
Daemon configuration
type ConfigKeyword = String Source
setSshdConfig :: ConfigKeyword -> String -> Property DebianLike Source
RootLogin Bool | allow or prevent root login |
WithoutPassword | disable password authentication for root, while allowing other authentication methods |
ForcedCommandsOnly | allow root login with public-key authentication, but only if a forced command has been specified for the public key |
noPasswords :: Property DebianLike Source
Configure ssh to not allow password logins.
To prevent lock-out, this is done only once root's authorized_keys is in place.
listenPort :: Port -> RevertableProperty DebianLike DebianLike Source
Makes the ssh server listen on a given port, in addition to any other ports it is configured to listen on.
Revert to prevent it listening on a particular port.
Host keys
randomHostKeys :: Property DebianLike Source
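Blows away existing host keys and makes new ones. Useful for systems installed from an image that might reuse host keys, since hosts that share a private host key cannot be distinguished from one another by connecting clients. A flag file is used to only ever do this once.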
hostKeys :: IsContext c => c -> [(SshKeyType, PubKeyText)] -> Property (HasInfo + DebianLike) Source
Installs the specified list of ssh host keys.
The corresponding private keys come from the privdata.
Any host keys that are not in the list are removed from the host.
hostKey :: IsContext c => c -> SshKeyType -> PubKeyText -> Property (HasInfo + DebianLike) Source
Installs a single ssh host key of a particular type.
The public key is provided to this function; the private key comes from the privdata.
hostPubKey :: SshKeyType -> PubKeyText -> Property (HasInfo + UnixLike) Source
Indicates the host key that is used by a Host, but does not actually configure the host to use it. Normally this does not need to be used; use hostKey instead.
User keys and configuration
userKeys :: IsContext c => User -> c -> [(SshKeyType, PubKeyText)] -> Property (HasInfo + UnixLike) Source
Sets up a user with the specified public keys, and the corresponding private keys from the privdata.
The public keys are added to the Info, so other properties like authorizedKeysFrom can use them.
userKeyAt :: IsContext c => Maybe FilePath -> User -> c -> (SshKeyType, PubKeyText) -> Property (HasInfo + UnixLike) Source
Sets up a user with the specified public key, and a private key from the privdata.
A file can be specified to write the key to somewhere other than the default locations. Allows a user to have multiple keys for different roles.
knownHost :: [Host] -> HostName -> User -> Property UnixLike Source
Puts some host's ssh public key(s), as set using hostPubKey or hostKey, into the known_hosts file for a user.
authorizedKeysFrom :: User -> (User, Host) -> Property UnixLike Source
Ensures that a local user's authorized_keys contains lines allowing logins from a remote user on the specified Host.
The ssh keys of the remote user can be set using keysImported
Any other lines in the authorized_keys file are preserved as-is.
unauthorizedKeysFrom :: User -> (User, Host) -> Property UnixLike Source
Reverts authorizedKeysFrom
authorizedKeys :: IsContext c => User -> c -> Property (HasInfo + UnixLike) Source
Makes a user have an authorized_keys file whose contents come from the PrivData.
This removes any other lines from the file.
authorizedKey :: User -> String -> RevertableProperty UnixLike UnixLike Source
Ensures that a user's authorized_keys contains a line. Any other lines in the file are preserved as-is.
hasAuthorizedKeys :: User -> IO Bool Source
getUserPubKeys :: User -> Propellor [(SshKeyType, PubKeyText)] Source