Add option to specify banner content

README.md

@@ -134,6 +134,30 @@ Banner option in sshd_config.
 
 - *Default*: 'none'
 
+sshd_banner_content
+-------------------
+Banner content in sshd_config_banner
+
+- *Default*: undef
+
+sshd_banner_owner
+-----------------
+sshd_config_banner owner
+
+- *Default*: 'root'
+
+sshd_banner_group
+-----------------
+sshd_config_banner group
+
+- *Default*: 'root'
+
+sshd_banner_mode
+----------------
+sshd_config_banner mode
+
+- *Default*: '0644'
+
 sshd_config_xauth_location
 --------------------------
 XAuthLocation option in sshd_config.

manifests/init.pp

@@ -26,6 +26,10 @@ class ssh (
   $sshd_config_print_motd           = 'yes',
   $sshd_config_use_dns              = 'yes',
   $sshd_config_banner               = 'none',
+  $sshd_banner_content              = undef,
+  $sshd_banner_owner                = 'root',
+  $sshd_banner_group                = 'root',
+  $sshd_banner_mode                 = '0644',
   $sshd_config_xauth_location       = '/usr/bin/xauth',
   $sshd_config_subsystem_sftp       = 'USE_DEFAULTS',
   $service_ensure                   = 'running',
@@ -53,6 +57,13 @@ class ssh (
   validate_re($sshd_use_pam, '^(yes|no)$', "sshd_use_pam may be either 'yes' or 'no' and is set to <${sshd_use_pam}>.")
   if is_integer($sshd_client_alive_interval) == false { fail("sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
 
+  if $sshd_config_banner != 'none' {
+    validate_absolute_path($sshd_config_banner)
+  }
+  if $sshd_banner_content != undef and $sshd_config_banner == 'none' {
+    fail("sshd_config_banner must be set to be able to use sshd_banner_content")
+  }
+
   case type($ssh_config_sendenv_xmodifiers) {
     'string': {
       $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
@@ -171,6 +182,18 @@ class ssh (
     require => Package['ssh_packages'],
   }
 
+  if $sshd_config_banner != 'none' and $sshd_banner_content != undef {
+    file { 'sshd_banner' :
+      ensure => file,
+      path    => $sshd_config_banner,
+      mode    => $sshd_banner_mode,
+      owner   => $sshd_banner_owner,
+      group   => $sshd_banner_group,
+      content => $sshd_banner_content,
+      require => Package['ssh_packages'],
+    }
+  }
+
   case $manage_root_ssh_config {
     'true': {
 

spec/classes/init_spec.rb

@@ -405,6 +405,7 @@ describe 'ssh' do
         :sshd_config_print_motd          => 'no',
         :sshd_config_use_dns             => 'no',
         :sshd_config_banner              => '/etc/sshd_banner',
+        :sshd_banner_content             => 'textinbanner',
         :sshd_config_xauth_location      => '/opt/ssh/bin/xauth',
         :sshd_config_subsystem_sftp      => '/opt/ssh/bin/sftp',
         :sshd_password_authentication    => 'no',
@@ -441,6 +442,18 @@ describe 'ssh' do
     it { should contain_file('sshd_config').with_content(/^X11Forwarding no$/) }
     it { should contain_file('sshd_config').with_content(/^UsePAM no$/) }
     it { should contain_file('sshd_config').with_content(/^ClientAliveInterval 242$/) }
+
+    it {
+      should contain_file('sshd_banner').with({
+        'ensure'  => 'file',
+        'path'    => '/etc/sshd_banner',
+        'owner'   => 'root',
+        'group'   => 'root',
+        'mode'    => '0644',
+        'content' => 'textinbanner',
+        'require' => 'Package[ssh_packages]',
+      })
+    }
   end
 
   context 'with manage_root_ssh_config set to \'true\' on valid osfamily' do
@@ -616,6 +629,46 @@ describe 'ssh' do
     end
   end
 
+  context 'with sshd_config_banner set to invalid value on valid osfamily' do
+    let :facts do
+      {
+        :fqdn      => 'monkey.example.com',
+        :osfamily  => 'RedHat',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+    let :params do
+      { :sshd_config_banner => 'invalid/path' }
+    end
+
+    it 'should fail' do
+      expect {
+        should include_class('ssh')
+      }.to raise_error(Puppet::Error,/is not an absolute path/)
+    end
+  end
+  context 'with sshd_banner_content set and with default value on sshd_config_banner on valid osfamily' do
+    let :facts do
+      {
+        :fqdn      => 'monkey.example.com',
+        :osfamily  => 'RedHat',
+        :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
+      }
+    end
+    let :params do
+      {
+        :sshd_banner_content => 'textinbanner'
+      }
+    end
+
+    it 'should fail' do
+      expect {
+        should include_class('ssh')
+      }.to raise_error(Puppet::Error,/sshd_config_banner must be set to be able to use sshd_banner_content/)
+    end
+  end
+
+
   context 'with ssh_config_sendenv_xmodifiers set to invalid type, array' do
     let :facts do
       {