Showing with 47 additions and 12 deletions.
  1. +3 −0 CHANGELOG.md
  2. +9 −6 Gemfile
  3. +1 −1 LICENSE
  4. +6 −0 README.md
  5. +5 −0 manifests/init.pp
  6. +1 −5 metadata.json
  7. +19 −0 spec/classes/init_spec.rb
  8. +3 −0 templates/sshd_config.erb
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
### v3.50.0 - 2017-05-08
* Add param sshd_pubkeyacceptedkeytypes to set PubkeyAcceptedKeyTypes

### v3.49.1 - 2017-02-27
* Fix parameters not compatible with Solaris
* Add support for Puppet v4.9
15 changes: 9 additions & 6 deletions Gemfile
Expand Up @@ -6,9 +6,8 @@ else
gem 'puppet', :require => false
end

gem 'puppetlabs_spec_helper', '>= 1.2.0'
gem 'facter', '>= 1.7.0'
gem 'rspec-puppet'
gem 'rspec-puppet', '~> 2.0'
gem 'puppet-lint', '~> 2.0'
gem 'puppet-lint-absolute_classname-check'
gem 'puppet-lint-alias-check'
Expand All @@ -22,9 +21,13 @@ gem 'puppet-lint-undef_in_function-check'
gem 'puppet-lint-unquoted_string-check'
gem 'puppet-lint-variable_contains_upcase'

gem 'rspec', '~> 2.0' if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9'
gem 'rake', '~> 10.0' if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9'
gem 'json', '<= 1.8' if RUBY_VERSION < '2.0.0'
gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0'
gem 'rspec', '~> 2.0' if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'
gem 'rake', '~> 10.0' if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'
gem 'json', '<= 1.8' if RUBY_VERSION < '2.0.0'
gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0'
gem 'metadata-json-lint', '0.0.11' if RUBY_VERSION < '1.9'
gem 'metadata-json-lint' if RUBY_VERSION >= '1.9'

gem 'puppetlabs_spec_helper', '2.0.2', :require => false if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'
gem 'puppetlabs_spec_helper', '>= 2.0.0', :require => false if RUBY_VERSION >= '1.9'
gem 'parallel_tests', '<= 2.9.0', :require => false if RUBY_VERSION < '2.0.0'
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,4 +1,4 @@
Copyright (C) 2010-2016 Garrett Honeycutt <code@garretthoneycutt.com>
Copyright (C) 2010-2017 Garrett Honeycutt <code@garretthoneycutt.com>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -642,6 +642,12 @@ String for HostbasedAuthentication option in sshd_config. Valid values are 'yes'
- *Default*: 'no'
sshd_pubkeyacceptedkeytypes
-------------------------
Array of public key types to be used with the PubkeyAcceptedKeyTypes option in sshd_config.
- *Default*: undef
sshd_pubkeyauthentication
-------------------------
String for PubkeyAuthentication option in sshd_config. Valid values are 'yes' and 'no'.
5 changes: 5 additions & 0 deletions manifests/init.pp
Expand Up @@ -87,6 +87,7 @@
$sshd_config_hostkey = 'USE_DEFAULTS',
$sshd_listen_address = undef,
$sshd_hostbasedauthentication = 'no',
$sshd_pubkeyacceptedkeytypes = undef,
$sshd_pubkeyauthentication = 'yes',
$sshd_ignoreuserknownhosts = 'no',
$sshd_ignorerhosts = 'yes',
Expand Down Expand Up @@ -636,6 +637,10 @@

validate_re($sshd_hostbasedauthentication, '^(yes|no)$', "ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to <${sshd_hostbasedauthentication}>.")

if $sshd_pubkeyacceptedkeytypes != undef {
validate_array($sshd_pubkeyacceptedkeytypes)
}

validate_re($sshd_pubkeyauthentication, '^(yes|no)$', "ssh::sshd_pubkeyauthentication may be either 'yes' or 'no' and is set to <${sshd_pubkeyauthentication}>.")

validate_re($sshd_ignoreuserknownhosts, '^(yes|no)$', "ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to <${sshd_ignoreuserknownhosts}>.")
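Review bot: `validate_array($sshd_pubkeyacceptedkeytypes)` checks only that the parameter is an array; its elements are never validated, and sshd_config.erb joins them verbatim into the rendered file, so a non-string element fails only at template time and a string containing whitespace or a newline is written into the daemon's config as-is. Validating the joined value keeps such input out of the file: `validate_re(join($sshd_pubkeyacceptedkeytypes, ','), '\A[A-Za-z0-9@._,-]+\z', "ssh::sshd_pubkeyacceptedkeytypes must be an array of key type names and is set to <${sshd_pubkeyacceptedkeytypes}>.")` — with `\A`/`\z` rather than `^`/`$`, since Ruby anchors the latter per line. An empty array also passes the check and renders `PubkeyAcceptedKeyTypes` with no value, which sshd is expected to reject as a missing argument, so a non-empty check after `validate_array` is worth adding too. The enclosing class body starts and ends outside the hunk.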
6 changes: 1 addition & 5 deletions metadata.json
@@ -1,17 +1,13 @@
{
"name": "ghoneycutt-ssh",
"version": "3.49.1",
"version": "3.50.0",
"author": "ghoneycutt",
"summary": "Manages SSH",
"license": "Apache-2.0",
"source": "git://github.com/ghoneycutt/puppet-module-ssh.git",
"project_page": "https://github.com/ghoneycutt/puppet-module-ssh",
"issues_url": "https://github.com/ghoneycutt/puppet-module-ssh/issues",
"requirements": [
{
"name": "pe",
"version_requirement": ">= 3.2.0 < 5.0.0"
},
{
"name": "puppet",
"version_requirement": ">= 3.0.0 < 5.0.0"
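Review bot: Besides the version bump, the hunk looks like it drops the `pe` entry from `requirements` (the four lines from `{` to `},` ahead of the `puppet` entry), which changes the module's declared Puppet Enterprise compatibility yet is not mentioned in the v3.50.0 CHANGELOG entry. If the removal is intentional, a changelog line such as `* Remove pe requirement from metadata.json` would make it discoverable; if not, the block should be restored.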
19 changes: 19 additions & 0 deletions spec/classes/init_spec.rb
Expand Up @@ -403,6 +403,12 @@
:sshd_password_authentication => 'no',
:sshd_config_permitemptypasswords => 'no',
:sshd_config_permituserenvironment => 'no',
:sshd_pubkeyacceptedkeytypes => [ 'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384',
'ecdsa-sha2-nistp521',
'ssh-ed25519',
'ssh-rsa',
],
:sshd_pubkeyauthentication => 'no',
:sshd_allow_tcp_forwarding => 'no',
:sshd_x11_forwarding => 'no',
Expand Down Expand Up @@ -506,6 +512,7 @@
it { should contain_file('sshd_config').with_content(/^AuthorizedKeysCommand \/path\/to\/command$/) }
it { should contain_file('sshd_config').with_content(/^AuthorizedKeysCommandUser asdf$/) }
it { should contain_file('sshd_config').with_content(/^HostbasedAuthentication no$/) }
it { should contain_file('sshd_config').with_content(/^PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa$/) }
it { should contain_file('sshd_config').with_content(/^PubkeyAuthentication no$/) }
it { should contain_file('sshd_config').with_content(/^IgnoreUserKnownHosts no$/) }
it { should contain_file('sshd_config').with_content(/^IgnoreRhosts yes$/) }
Expand Down Expand Up @@ -2188,6 +2195,18 @@
end
end

[true,'invalid'].each do |pubkeyacceptedkeytypes|
context "with sshd_pubkeyacceptedkeytypes set to invalid value #{pubkeyacceptedkeytypes}" do
let(:params) { { :sshd_pubkeyacceptedkeytypes => pubkeyacceptedkeytypes } }

it 'should fail' do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/is not/)
end
end
end

describe 'with parameter sshd_pubkeyauthentication' do
['yes','no'].each do |value|
context "specified as valid #{value} (as #{value.class})" do
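Review bot: The invalid-value contexts built from `[true,'invalid']` exercise only non-array inputs, so the inputs that `validate_array` lets through — an empty array and an array with non-string elements — have no spec at all; with `[]` the template renders a `PubkeyAcceptedKeyTypes` line with an empty value, and with `['ssh-rsa', 42]` the `42` is joined into the config unchanged. Adding those two values as contexts would pin whichever outcome the manifest is meant to produce. The `describe` block that encloses these contexts starts outside the hunk.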
3 changes: 3 additions & 0 deletions templates/sshd_config.erb
Expand Up @@ -69,6 +69,9 @@ MaxAuthTries <%= @sshd_config_maxauthtries %>
<% end -%>

#RSAAuthentication yes
<% if @sshd_pubkeyacceptedkeytypes -%>
PubkeyAcceptedKeyTypes <%= @sshd_pubkeyacceptedkeytypes.join(',') %>
<% end -%>
#PubkeyAuthentication yes
PubkeyAuthentication <%= @sshd_pubkeyauthentication %>
#AuthorizedKeysFile .ssh/authorized_keys
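Review bot: The guard `<% if @sshd_pubkeyacceptedkeytypes -%>` is satisfied by an empty array, since only nil and false are falsy in Ruby, so `[]` renders a `PubkeyAcceptedKeyTypes` line with no value. Unless the manifest rejects empty arrays, tighten the guard to `<% if @sshd_pubkeyacceptedkeytypes && !@sshd_pubkeyacceptedkeytypes.empty? -%>`. `join(',')` also writes each element unchanged, so any per-element validation belongs in the manifest rather than in the template.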