5.1.2. HOWTO Disable SSH Management
If the ssh class from simp/ssh is included in your SIMP scenario and you wish to remove it from the class list and stop managing SSH configuration, add the following to your Hiera configuration:
To remove from the client nodes only:
---
simp::classes:
- '--ssh'
To remove from the client nodes and SIMP server:
---
simp::classes:
- '--ssh'
simp::server::classes:
- '--ssh'
Removing SIMP’s ssh class also removes the iptables rule that allows connections to sshd. However, if the svckill class (from the simp/svckill Puppet module) is also included in your SIMP scenario, it will not automatically kill sshd when you cease management of the SSH configuration. This is because sshd has been whitelisted by svckill::ignore_defaults. So, if you want svckill to kill running sshd services, you must add the following to your Hiera configuration:
---
svckill::ignore:
- '--sshd'
Note
The '--ssh' knockout prefix above cannot prevent ssh from being classified if it is included directly from Puppet code (e.g., include 'ssh') or by an ENC. However, you can stop managing the SSH client and server configurations with the following Hiera configuration:
---
ssh::enable_client: false
ssh::enable_server: false
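The following Ruby script is an added example, not part of the SIMP documentation or code. It reviews a single Hiera data hash for the two gaps described above: the ssh class knocked out while sshd is still ignored by svckill, and reliance on '--ssh' alone when ssh could still be included directly. The finding names are hypothetical, the sample data is constructed from the snippets on this page, and the script does not evaluate a merged hierarchy.

```ruby
require 'yaml'

# Constructed sample: the "client nodes and SIMP server" snippet from this page.
SAMPLE_HIERA = <<~HIERA
  ---
  simp::classes:
    - '--ssh'
  simp::server::classes:
    - '--ssh'
HIERA

# Hypothetical finding names used by this example only.
MESSAGES = {
  sshd_left_running: "ssh class removed, but svckill::ignore lacks '--sshd': " \
                     'svckill will not kill a running sshd',
  direct_include_not_covered: "'--ssh' does not stop an `include 'ssh'` or an ENC; " \
                              'ssh::enable_client/ssh::enable_server are not both false'
}.freeze

# True if the array under +key+ carries the knockout entry for +name+.
def knocked_out?(data, key, name)
  Array(data[key]).include?("--#{name}")
end

# Review one Hiera data hash and return an array of finding symbols.
def review_ssh_settings(data)
  removed = %w[simp::classes simp::server::classes].any? do |key|
    knocked_out?(data, key, 'ssh')
  end
  return [] unless removed

  findings = []
  findings << :sshd_left_running unless knocked_out?(data, 'svckill::ignore', 'sshd')
  unmanaged = data['ssh::enable_client'] == false && data['ssh::enable_server'] == false
  findings << :direct_include_not_covered unless unmanaged
  findings
end

if __FILE__ == $PROGRAM_NAME
  review_ssh_settings(YAML.safe_load(SAMPLE_HIERA)).each do |finding|
    puts "#{finding}: #{MESSAGES[finding]}"
  end
end
```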