Showing with 498 additions and 4 deletions.
  1. +4 −0 CHANGELOG.md
  2. +2 −0 README.md
  3. +56 −2 manifests/init.pp
  4. +4 −2 metadata.json
  5. +26 −0 spec/classes/init_spec.rb
  6. +61 −0 spec/fixtures/ssh_config_debian8
  7. +61 −0 spec/fixtures/ssh_config_ubuntu1804
  8. +141 −0 spec/fixtures/sshd_config_debian8
  9. +143 −0 spec/fixtures/sshd_config_ubuntu1804
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
### v3.61.0 - 2019-05-01
* Support Debian 8
* Support Ubuntu 18.04 LTS

### v3.60.1 - 2019-04-29
* Fix screwed up metadata

Expand Down
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ latest Puppet v3, v3 with future parser, v4, v5 and v6. See `.travis.yml`
for the exact matrix of supported Puppet and ruby versions.

* Debian 7
* Debian 8
* Debian 9
* EL 5
* EL 6
Expand All @@ -37,6 +38,7 @@ for the exact matrix of supported Puppet and ruby versions.
* Ubuntu 12.04 LTS
* Ubuntu 14.04 LTS
* Ubuntu 16.04 LTS
* Ubuntu 18.04 LTS
* Solaris 9
* Solaris 10
* Solaris 11
Expand Down
58 changes: 56 additions & 2 deletions manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,6 +226,33 @@
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
}
'18.04': {
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
]
$default_ssh_config_hash_known_hosts = 'yes'
$default_sshd_config_xauth_location = undef
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
$default_sshd_use_pam = 'yes'
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = 'yes'
$default_sshd_acceptenv = true
$default_service_hasstatus = true
$default_sshd_config_serverkeybits = '1024'
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
}
/^9.*/: {
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
Expand All @@ -252,8 +279,7 @@
$default_sshd_pamauthenticationviakbdint = undef
$default_service_hasstatus = true
}
/^[7-8].*/: {
# this is debian 7 conf file and suppose to work with debian 8
/^7.*/: {
$default_sshd_config_hostkey = [ '/etc/ssh/ssh_host_rsa_key' ]
$default_ssh_config_hash_known_hosts = 'no'
$default_sshd_config_xauth_location = '/usr/bin/xauth'
Expand All @@ -275,6 +301,34 @@
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
}
/^8.*/: {

$default_ssh_config_hash_known_hosts = 'yes'
$default_ssh_config_forward_x11_trusted = 'yes'
$default_ssh_package_source = undef
$default_ssh_package_adminfile = undef
$default_ssh_sendenv = true
$default_sshd_config_hostkey = [
'/etc/ssh/ssh_host_rsa_key',
'/etc/ssh/ssh_host_dsa_key',
'/etc/ssh/ssh_host_ecdsa_key',
'/etc/ssh/ssh_host_ed25519_key',
]
$default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server'
$default_sshd_config_mode = '0600'
$default_sshd_config_use_dns = 'yes'
$default_sshd_use_pam = 'yes'
$default_sshd_gssapikeyexchange = undef
$default_sshd_pamauthenticationviakbdint = undef
$default_sshd_gssapicleanupcredentials = undef
$default_sshd_acceptenv = true
$default_sshd_config_xauth_location = undef
$default_sshd_config_serverkeybits = '1024'
$default_sshd_addressfamily = 'any'
$default_sshd_config_tcp_keepalive = 'yes'
$default_sshd_config_permittunnel = 'no'
$default_service_hasstatus = true
}
default: { fail ("Operating System : ${::operatingsystemrelease} not supported") }
}
}
Expand Down
6 changes: 4 additions & 2 deletions metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "ghoneycutt-ssh",
"version": "3.60.1",
"version": "3.61.0",
"author": "ghoneycutt",
"summary": "Manages SSH",
"license": "Apache-2.0",
Expand All @@ -18,6 +18,7 @@
"operatingsystem": "Debian",
"operatingsystemrelease": [
"7",
"8",
"9"
]
},
Expand Down Expand Up @@ -82,7 +83,8 @@
"operatingsystemrelease": [
"12.04",
"14.04",
"16.04"
"16.04",
"18.04"
]
}
],
Expand Down
26 changes: 26 additions & 0 deletions spec/classes/init_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,19 @@
:sshd_config_fixture => 'sshd_config_debian',
:ssh_config_fixture => 'ssh_config_debian',
},
'Debian-8' => {
:architecture => 'x86_64',
:osfamily => 'Debian',
:operatingsystemrelease => '8',
:ssh_version => 'OpenSSH_6.7p1',
:ssh_version_numeric => '8.11',
:ssh_packages => ['openssh-server', 'openssh-client'],
:sshd_config_mode => '0600',
:sshd_service_name => 'ssh',
:sshd_service_hasstatus => true,
:sshd_config_fixture => 'sshd_config_debian8',
:ssh_config_fixture => 'ssh_config_debian8',
},
'Debian-9' => {
:architecture => 'x86_64',
:osfamily => 'Debian',
Expand Down Expand Up @@ -232,6 +245,19 @@
:sshd_config_fixture => 'sshd_config_ubuntu1604',
:ssh_config_fixture => 'ssh_config_ubuntu1604',
},
'Ubuntu-1804' => {
:architecture => 'x86_64',
:osfamily => 'Debian',
:operatingsystemrelease => '18.04',
:ssh_version => 'OpenSSH_7.6p1',
:ssh_version_numeric => '7.6',
:ssh_packages => ['openssh-server', 'openssh-client'],
:sshd_config_mode => '0600',
:sshd_service_name => 'ssh',
:sshd_service_hasstatus => true,
:sshd_config_fixture => 'sshd_config_ubuntu1804',
:ssh_config_fixture => 'ssh_config_ubuntu1804',
},
}

osfamily_matrix.each do |os, facts|
Expand Down
61 changes: 61 additions & 0 deletions spec/fixtures/ssh_config_debian8
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# This file is being maintained by Puppet.
# DO NOT EDIT

# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# HashKnownHosts no
HashKnownHosts yes
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
Host *
# GSSAPIAuthentication yes
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
UseRoaming no
# Send locale-related environment variables
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
61 changes: 61 additions & 0 deletions spec/fixtures/ssh_config_ubuntu1804
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# This file is being maintained by Puppet.
# DO NOT EDIT

# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# HashKnownHosts no
HashKnownHosts yes
GlobalKnownHostsFile /etc/ssh/ssh_known_hosts
Host *
# GSSAPIAuthentication yes
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
UseRoaming no
# Send locale-related environment variables
SendEnv LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
Loading