5.1.2. HOWTO Disable SSH Management

If the ssh class from simp/ssh is included in your SIMP scenario and you wish remove it from the class list and stop managing SSH configuration, add to your Hiera configuration as follows:

  • To remove from the client nodes only:

---
simp::classes:
  - '--ssh'
  • To remove from the client nodes and SIMP server:

---
simp::classes:
  - '--ssh'

simp::server::classes:
  - '--ssh'

Removing SIMP’s ssh class also removes the iptables rule that allows connections to sshd. However, if the svckill class (from the simp/svckill Puppet module) is also included in your SIMP scenario, it will not automatically kill sshd when you cease management of the SSH configuration. This is because sshd has been whitelisted by svckill::ignore_defaults. So, if you want svckill to kill running sshd services, you must add the following to your Hiera configuration:

---
svckill::ignore:
  - '--sshd'

Note

The '--ssh' knockout prefix above cannot prevent ssh from being classified if it is included directly from Puppet code (e.g., include 'ssh') or by an ENC. However, you can stop managing the SSH client and server configurations with the following Hiera configuration:

---
ssh::enable_client: false
ssh::enable_server: false