Showing with 43 additions and 3 deletions.
  1. +1 −1 .travis.yml
  2. +2 −0 CHANGELOG
  3. +1 −1 Gemfile
  4. +6 −0 README.md
  5. +7 −0 manifests/init.pp
  6. +1 −1 metadata.json
  7. +22 −0 spec/classes/init_spec.rb
  8. +3 −0 templates/sshd_config.erb
2 changes: 1 addition & 1 deletion .travis.yml
@@ -27,7 +27,7 @@ env:

sudo: false

script: 'bundle exec metadata-json-lint metadata.json && bundle exec rake validate && bundle exec rake lint && SPEC_OPTS="--format documentation" bundle exec rake spec'
script: 'bundle exec rake validate && bundle exec rake lint && SPEC_OPTS="--format documentation" bundle exec rake spec'

matrix:
fast_finish: true
2 changes: 2 additions & 0 deletions CHANGELOG
@@ -1,2 +1,4 @@
3.38.0 - 2016-06-06

2.0.0 - 2013-05-16 Garrett Honeycutt <code@garretthoneycutt.com>
* Rebirth
2 changes: 1 addition & 1 deletion Gemfile
@@ -7,7 +7,7 @@ else
end

gem 'metadata-json-lint'
gem 'puppetlabs_spec_helper', '>= 0.1.0'
gem 'puppetlabs_spec_helper', '>= 1.1.1'
gem 'facter', '>= 1.7.0'
gem 'rspec-puppet'
gem 'puppet-lint', :git => 'https://github.com/rodjek/puppet-lint.git'
6 changes: 6 additions & 0 deletions README.md
@@ -204,6 +204,12 @@ LogLevel option in sshd_config. Acceptable values are QUIET, FATAL, ERROR, INFO,

- *Default*: 'INFO'

sshd_config_maxauthtries
---------------
MaxAuthTries option in sshd_config. Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged.

- *Default*: '6'

sshd_config_mode
---------------
sshd_config's mode. The default is '0600' on Linux and '0644' on Solaris.
7 changes: 7 additions & 0 deletions manifests/init.pp
@@ -52,6 +52,7 @@
$sshd_config_allowusers = [],
$sshd_config_denygroups = [],
$sshd_config_denyusers = [],
$sshd_config_maxauthtries = undef,
$sshd_config_maxstartups = undef,
$sshd_config_maxsessions = undef,
$sshd_config_chrootdirectory = undef,
@@ -513,6 +514,12 @@
validate_string($sshd_config_authkey_location)
}

if $sshd_config_maxauthtries != undef {
if is_integer($sshd_config_maxauthtries) == false {
fail("ssh::sshd_config_maxauthtries must be a valid number and is set to <${sshd_config_maxauthtries}>.")
}
}

if $sshd_config_maxstartups != undef {
validate_re($sshd_config_maxstartups,'^(\d+)+(\d+?:\d+?:\d+)?$',
"ssh::sshd_config_maxstartups may be either an integer or three integers separated with colons, such as 10:30:100. Detected value is <${sshd_config_maxstartups}>.")
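Review bot: The new check on `$sshd_config_maxauthtries` only asks whether the value is an integer, and stdlib's `is_integer` also accepts a leading minus sign, so `0` or `-1` passes validation and ends up as the MaxAuthTries limit in sshd_config. For a setting that bounds authentication attempts per connection, a lower bound belongs next to the type check; if the module's minimum stdlib version provides it, `validate_integer($sshd_config_maxauthtries, undef, 1)` would cover both the type and the range. The second hunk sits inside the class body, which starts and ends outside the visible lines, so any further handling of this parameter cannot be seen here.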
2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "ghoneycutt-ssh",
"version": "3.37.1",
"version": "3.38.0",
"author": "ghoneycutt",
"summary": "Manages SSH",
"license": "Apache-2.0",
22 changes: 22 additions & 0 deletions spec/classes/init_spec.rb
@@ -466,6 +466,7 @@
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key/) }
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_dsa_key/) }
it { should contain_file('sshd_config').with_content(/^StrictModes yes$/) }
it { should_not contain_file('sshd_config').with_content(/^MaxAuthTries/) }
it { should_not contain_file('sshd_config').with_content(/^MaxStartups/) }
it { should_not contain_file('sshd_config').with_content(/^MaxSessions/) }
it { should contain_file('sshd_config').with_content(/^AuthorizedKeysCommand \/path\/to\/command$/) }
@@ -2046,6 +2047,27 @@
end
end

describe 'with paramter sshd_config_maxauthtries specified' do
let :facts do
default_facts.merge(
{
}
)
end
context 'as a valid integer' do
let(:params) { { :sshd_config_maxauthtries => 6}}
it { should contain_file('sshd_config').with_content(/^MaxAuthTries 6$/)}
end
context 'as an invalid type' do
let(:params) {{ :sshd_config_maxauthtries => 'BOGUS'}}
it 'should fail' do
expect{
should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::sshd_config_maxauthtries must be a valid number and is set to <BOGUS>\./)
end
end
end

describe 'with parameter sshd_config_maxstartups specified' do
let :facts do
default_facts.merge(
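Review bot: The new `describe` block exercises only `6` and `'BOGUS'`, so nothing pins how the class treats boundary inputs such as `0`, `-1` or the string `'6'`, which are the cases where integer validation of a login-attempt limit is most likely to be wrong. One context per boundary value, each asserting either the rendered `MaxAuthTries` line or the `Puppet::Error`, would document the intended contract. The description string reads `'with paramter sshd_config_maxauthtries specified'`, while the sibling block below spells it `parameter`. The `default_facts.merge({})` call with an empty hash adds nothing over plain `default_facts`.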
3 changes: 3 additions & 0 deletions templates/sshd_config.erb
@@ -62,6 +62,9 @@ PermitRootLogin <%= @permit_root_login %>
StrictModes <%= @sshd_config_strictmodes %>
<% end -%>
#MaxAuthTries 6
<% if @sshd_config_maxauthtries %>
MaxAuthTries <%= @sshd_config_maxauthtries %>
<% end -%>

#RSAAuthentication yes
#PubkeyAuthentication yes
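Review bot: The opening tag `<% if @sshd_config_maxauthtries %>` has no trailing `-`, unlike the `<% end -%>` closers around it, so a set value renders with an extra blank line before `MaxAuthTries`; `<% if @sshd_config_maxauthtries -%>` keeps the output tight. Because the directive is emitted only when the parameter is set and the manifest default is `undef`, the README's `Default: '6'` appears to describe sshd's own built-in default rather than a value this module enforces. The commented `#MaxAuthTries 6` line above the block could say so, for example `# MaxAuthTries is left at the sshd default unless sshd_config_maxauthtries is set`.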