class ssh {
	augeas{ "ssh":
		context => "/files/etc/ssh/sshd_config",
		changes => [
			"set PasswordAuthentication no"
		],
		notify => Service["sshd"]
	}
	service{ sshd: ensure => true, enable => true, hasrestart => true }
	case $sshrsakey {
		"": { # ignore empty keys
		}
		default: {
			@@sshkey {"$hostname": type => rsa, key => $sshrsakey, alias => $fqdn }
			# add keys based on ipaddress, we look for eth0 and eth1
			case $ipaddress_eth0 {
				"": { # if no such thing use $ipaddress
					@@sshkey {"$ipaddress": type => rsa, key => $sshrsakey }
				}
				default: {
					@@sshkey {"$ipaddress_eth0": type => rsa, key => $sshrsakey }
				}
			}
			case $ipaddress_eth1 {
				"": { # if no such thing do nothing
				}
				default: {
					@@sshkey {"ipaddress_eth1": type => rsa, key => $sshrsakey }
				}
			}
			# check for bridged interface
			case $ipaddress_br0 {
				"": { # if no such thing do nothing
				}
				default: {
					@@sshkey {"ipaddress_br0": type => rsa, key => $sshrsakey }
				}
			}
		}
	}
	Sshkey | |>>
}