puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add ability to specify listen port for sshd

Browse Source 
This patch allows you to specify a non-standard port for sshd.
This commit is contained in:
Garrett Honeycutt 2013-11-02 14:14:18 +01:00
parent 31397a0f18
commit 3dfa15ef6b
4 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -92,6 +92,12 @@ sshd_config's mode.
- *Default*: '0600' - *Default*: '0600'
sshd_config_port
---------------------------
String to specify listen port for sshd. Port option in sshd_config.
- *Default*: 22
sshd_config_syslog_facility sshd_config_syslog_facility
--------------------------- ---------------------------
SyslogFacility option in sshd_config. SyslogFacility option in sshd_config.

2
manifests/init.pp
View File

@ -19,6 +19,7 @@ class ssh (
$sshd_config_owner = 'root', $sshd_config_owner = 'root',
$sshd_config_group = 'root', $sshd_config_group = 'root',
$sshd_config_mode = '0600', $sshd_config_mode = '0600',
$sshd_config_port = '22',
$sshd_config_syslog_facility = 'AUTH', $sshd_config_syslog_facility = 'AUTH',
$sshd_config_login_grace_time = '120', $sshd_config_login_grace_time = '120',
$sshd_config_challenge_resp_auth = 'no', $sshd_config_challenge_resp_auth = 'no',
@ -45,6 +46,7 @@ class ssh (
) { ) {
# validate params # validate params
validate_re($sshd_config_port, '^\d+$', "sshd_config_port must be a valid number and is set to <${sshd_config_port}>")
validate_re($sshd_password_authentication, '^(yes|no)$', "sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.") validate_re($sshd_password_authentication, '^(yes|no)$', "sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.") validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
validate_re($sshd_x11_forwarding, '^(yes|no)$', "sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.") validate_re($sshd_x11_forwarding, '^(yes|no)$', "sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")

25
spec/classes/init_spec.rb
View File

@ -49,6 +49,7 @@ describe 'ssh' do
}) })
} }
it { should contain_file('sshd_config').with_content(/^Port 22$/) }
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
@ -130,6 +131,7 @@ describe 'ssh' do
}) })
} }
it { should contain_file('sshd_config').with_content(/^Port 22$/) }
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
@ -212,6 +214,7 @@ describe 'ssh' do
}) })
} }
it { should contain_file('sshd_config').with_content(/^Port 22$/) }
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
@ -294,6 +297,7 @@ describe 'ssh' do
}) })
} }
it { should contain_file('sshd_config').with_content(/^Port 22$/) }
it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) }
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) }
it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) }
@ -393,6 +397,7 @@ describe 'ssh' do
end end
let :params do let :params do
{ {
:sshd_config_port => '22222',
:sshd_config_syslog_facility => 'DAEMON', :sshd_config_syslog_facility => 'DAEMON',
:sshd_config_login_grace_time => '60', :sshd_config_login_grace_time => '60',
:permit_root_login => 'no', :permit_root_login => 'no',
@ -421,6 +426,7 @@ describe 'ssh' do
}) })
} }
it { should contain_file('sshd_config').with_content(/^Port 22222$/) }
it { should contain_file('sshd_config').with_content(/^SyslogFacility DAEMON$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility DAEMON$/) }
it { should contain_file('sshd_config').with_content(/^LoginGraceTime 60$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 60$/) }
it { should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) }
@ -476,6 +482,25 @@ describe 'ssh' do
} }
end end
context 'with sshd_config_port not being a valid number' do
let :facts do
{
:fqdn => 'monkey.example.com',
:osfamily => 'RedHat',
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
}
end
let :params do
{ :sshd_config_port => '22invalid' }
end
it 'should fail' do
expect {
should include_class('ssh')
}.to raise_error(Puppet::Error,/sshd_config_port must be a valid number and is set to <22invalid>./)
end
end
context 'with manage_root_ssh_config set to invalid value on valid osfamily' do context 'with manage_root_ssh_config set to invalid value on valid osfamily' do
let :facts do let :facts do
{ {

1
templates/sshd_config.erb
View File

@ -14,6 +14,7 @@
# default value. # default value.
#Port 22 #Port 22
Port <%= @sshd_config_port %>
#Protocol 2,1 #Protocol 2,1
Protocol 2 Protocol 2
#AddressFamily any #AddressFamily any