Showing with 147 additions and 2 deletions.
  1. +0 −1 .gitignore
  2. +1 −1 Modulefile
  3. +6 −0 README.md
  4. +5 −0 manifests/init.pp
  5. +107 −0 metadata.json
  6. +25 −0 spec/classes/init_spec.rb
  7. +3 −0 templates/sshd_config.erb
1 change: 0 additions & 1 deletion .gitignore
@@ -25,7 +25,6 @@ doc/
.DS_Store

# Puppet
metadata.json
coverage/
spec/fixtures/modules/*
Gemfile.lock
2 changes: 1 addition & 1 deletion Modulefile
@@ -1,5 +1,5 @@
name 'ghoneycutt-ssh'
version '3.9.0'
version '3.10.0'
source 'git://github.com/ghoneycutt/puppet-module-ssh.git'
author 'ghoneycutt'
license 'Apache License, Version 2.0'
6 changes: 6 additions & 0 deletions README.md
@@ -161,6 +161,12 @@ UseDNS option in sshd_config. The default is 'yes' on Linux.

- *Default*: 'USE_DEFAULTS'

sshd_config_authkey_location
----------------------------
Specify location of authorized_keys file. Default is to not specify.

- *Default*: undef

sshd_config_banner
------------------
Banner option in sshd_config.
5 changes: 5 additions & 0 deletions manifests/init.pp
@@ -31,6 +31,7 @@
$sshd_config_challenge_resp_auth = 'yes',
$sshd_config_print_motd = 'yes',
$sshd_config_use_dns = 'USE_DEFAULTS',
$sshd_config_authkey_location = undef,
$sshd_config_banner = 'none',
$sshd_banner_content = undef,
$sshd_banner_owner = 'root',
@@ -348,6 +349,10 @@
validate_re($sshd_gssapicleanupcredentials_real, '^(yes|no)$', "ssh::sshd_gssapicleanupcredentials may be either 'yes' or 'no' and is set to <${sshd_gssapicleanupcredentials_real}>.")
}

if $sshd_config_authkey_location != undef {
validate_string($sshd_config_authkey_location)
}

case type($hiera_merge) {
'string': {
validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
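Review bot: `validate_string` in the second hunk only checks the type, so a value with an embedded newline passes, and templates/sshd_config.erb writes the parameter verbatim after `AuthorizedKeysFile`. A multi-line value arriving from Hiera or an ENC would therefore place additional directives into sshd_config. Keep `validate_string` (the spec expects its "is not a string" error) and follow it with `validate_re($sshd_config_authkey_location, '\A[^\n]+\z', 'ssh::sshd_config_authkey_location must be a single-line string.')`; `\A` and `\z` are needed because `^` and `$` match per line in Ruby regular expressions. Both hunks sit inside the class body, which starts and ends outside the visible lines.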
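--- a/metadata.json
+++ b/metadata.json
@@ -0,0 +1,107 @@
+{
+"requirements": [
+{
+"name": "pe",
+"version_requirement": "3.2.x"
+},
+{
+"name": "puppet",
+"version_requirement": "3.x"
+}
+],
+"operatingsystem_support": [
+{
+"operatingsystem": "Debian",
+"operatingsystemrelease": [
+"7"
+]
+},
+{
+"operatingsystem": "RedHat",
+"operatingsystemrelease": [
+"5",
+"6"
+]
+},
+{
+"operatingsystem": "CentOS",
+"operatingsystemrelease": [
+"5",
+"6"
+]
+},
+{
+"operatingsystem": "OracleLinux",
+"operatingsystemrelease": [
+"5",
+"6"
+]
+},
+{
+"operatingsystem": "Scientific",
+"operatingsystemrelease": [
+"5",
+"6"
+]
+},
+{
+"operatingsystem": "Solaris",
+"operatingsystemrelease": [
+"9",
+"10",
+"11"
+]
+},
+{
+"operatingsystem": "SLES"
+},
+{
+"operatingsystem": "SLED"
+},
+{
+"operatingsystem": "Ubuntu",
+"operatingsystemrelease": [
+"12.04"
+]
+}
+],
+"name": "ghoneycutt-ssh",
+"version": "3.10.0",
+"source": "git://github.com/ghoneycutt/puppet-module-ssh.git",
+"author": "ghoneycutt",
+"license": "Apache License, Version 2.0",
+"summary": "Manages SSH",
+"description": "Manage SSH",
+"project_page": "https://github.com/ghoneycutt/puppet-module-ssh",
+"dependencies": [
+{
+"name": "puppetlabs/stdlib",
+"version_requirement": ">= 3.2.0"
+},
+{
+"name": "ghoneycutt/common",
+"version_requirement": ">= 1.0.2"
+},
+{
+"name": "puppetlabs/firewall"
+}
+],
+"types": [
+
+],
+"checksums": {
+"CHANGELOG": "15458e8eb413081b0a9cec5ef4d51ba8",
+"Gemfile": "6992d521994d948eb6e48acd733a07bf",
+"Gemfile.lock": "44926a4ba8c7b0f743f80b5428f68602",
+"LICENSE": "567e6cc3941d464d60c74d1f4abd5f46",
+"Modulefile": "ef6767f25726fe378913ea8f88dc097d",
+"README.md": "2739cdd6115cb712fe4d55e478a0c296",
+"Rakefile": "8ff6a0f7db638421d1742c5d365d0266",
+"manifests/init.pp": "07418faad419147d9812da263ebc0752",
+"spec/classes/init_spec.rb": "7ee09d72141365fbe0c7d58e01612d34",
+"spec/spec_helper.rb": "3ea886dd135e120afa31e0aab12e85b0",
+"templates/ssh_config.erb": "9aaeaeb5931fc7fc4b82a89098441387",
+"templates/sshd_config.erb": "f7e701d2b44ca6737b838690d0d2ca77",
+"tests/init.pp": "423466ae46899d6a0480aa9910b096d2"
+}
+}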
25 changes: 25 additions & 0 deletions spec/classes/init_spec.rb
@@ -76,6 +76,7 @@
it { should contain_file('sshd_config').with_content(/^HostKey \/etc\/ssh\/ssh_host_rsa_key$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange no$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }

it {
@@ -184,6 +185,7 @@
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }

it {
should contain_service('sshd_service').with({
@@ -273,6 +275,7 @@
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }

it {
should contain_service('sshd_service').with({
@@ -361,6 +364,7 @@
it { should contain_file('sshd_config').with_content(/^PAMAuthenticationViaKBDInt yes$/) }
it { should contain_file('sshd_config').with_content(/^GSSAPIKeyExchange yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*AcceptEnv L.*$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }

it {
should contain_service('sshd_service').with({
@@ -456,6 +460,7 @@
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }

it {
should contain_service('sshd_service').with({
@@ -551,6 +556,7 @@
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }

it {
should contain_service('sshd_service').with({
@@ -646,6 +652,7 @@
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { should_not contain_file('sshd_config').with_content(/^AuthorizedKeysFile/) }

it {
should contain_service('sshd_service').with({
@@ -753,6 +760,7 @@
:sshd_use_pam => 'no',
:sshd_client_alive_interval => '242',
:sshd_client_alive_count_max => '0',
:sshd_config_authkey_location => '.ssh/authorized_keys',
}
end

@@ -791,6 +799,7 @@
it { should_not contain_file('sshd_config').with_content(/^\s*PAMAuthenticationViaKBDInt yes$/) }
it { should_not contain_file('sshd_config').with_content(/^\s*GSSAPIKeyExchange yes$/) }
it { should contain_file('sshd_config').with_content(/^AcceptEnv L.*$/) }
it { should contain_file('sshd_config').with_content(/^AuthorizedKeysFile .ssh\/authorized_keys/) }

it {
should contain_file('sshd_banner').with({
@@ -1034,6 +1043,22 @@
end
end

context 'with sshd_config_authkey_location set to invalid value on valid osfamily' do
let(:params) { { :sshd_config_authkey_location => false } }
let(:facts) do
{ :fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end

it 'should fail' do
expect {
should contain_class('ssh')
}.to raise_error(Puppet::Error,/is not a string/)
end
end

context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do
let(:params) { { :sshd_banner_content => 'textinbanner' } }
let :facts do
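Review bot: The positive expectation in the hunk at new line 799, `/^AuthorizedKeysFile .ssh\/authorized_keys/`, leaves the `.` unescaped and has no end anchor, so it would still pass if the template rendered a different path or appended extra text to the directive. Tighten it to `/^AuthorizedKeysFile \.ssh\/authorized_keys$/` so the test pins the exact line written to sshd_config. The failure context only exercises `false`; if the manifest is meant to reject multi-line values, a second case with a string containing a newline would cover that. The enclosing `describe` block starts and ends outside the visible hunks.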
3 changes: 3 additions & 0 deletions templates/sshd_config.erb
@@ -49,6 +49,9 @@ PermitRootLogin <%= @permit_root_login %>
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
<% if @sshd_config_authkey_location -%>
AuthorizedKeysFile <%= @sshd_config_authkey_location %>
<% end -%>

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no