puppet/ssh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Work with apazga on adding config options for ssh_config

Browse Source
This commit is contained in:
Garrett Honeycutt 2016-06-04 10:34:50 -04:00
parent b48e066f21
commit 88f857d6b6
4 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -160,9 +160,9 @@ String for HostbasedAuthentication option in ssh_config. Valid values are 'yes'
ssh_strict_host_key_checking ssh_strict_host_key_checking
----------------------------- -----------------------------
*string* For StrictHostKeyChecking setting in ssh_config. Valid values are *string* For StrictHostKeyChecking setting in ssh_config. Valid values are
'yes', 'no' or ask. 'yes', 'no' or 'ask'.
- *Default*: ask - *Default*: undef
ssh_enable_ssh_keysign ssh_enable_ssh_keysign
----------------------------- -----------------------------

2
manifests/init.pp
View File

@ -492,7 +492,7 @@ class ssh (
} }
if $ssh_strict_host_key_checking != undef { if $ssh_strict_host_key_checking != undef {
validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_ssh_strict_host_key_checking may be 'yes', 'no' or ask and is set to <${ssh_strict_host_key_checking}>.") validate_re($ssh_strict_host_key_checking, '^(yes|no|ask)$', "ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <${ssh_strict_host_key_checking}>.")
} }
if $ssh_enable_ssh_keysign != undef { if $ssh_enable_ssh_keysign != undef {

8
spec/classes/init_spec.rb
View File

@ -316,6 +316,9 @@ describe 'ssh' do
'hmac-sha1-etm@openssh.com', 'hmac-sha1-etm@openssh.com',
], ],
:ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2', :ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
:ssh_hostbasedauthentication => 'yes',
:ssh_strict_host_key_checking => 'ask',
:ssh_enable_ssh_keysign => 'yes',
} }
end end
@ -345,6 +348,9 @@ describe 'ssh' do
it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) } it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) } it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) } it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
it { should contain_file('ssh_config').with_content(/^\s*EnableSSHKeysign yes$/) }
end end
context 'with params used in sshd_config set on valid osfamily' do context 'with params used in sshd_config set on valid osfamily' do
@ -1800,7 +1806,7 @@ describe 'ssh' do
it 'should fail' do it 'should fail' do
expect { expect {
should contain_class('ssh') should contain_class('ssh')
}.to raise_error(Puppet::Error,/ssh::ssh_strict_host_key_checking may be either 'yes' or 'no' and is set to <#{Regexp.escape(value.to_s)}>\./) }.to raise_error(Puppet::Error,/ssh::ssh_strict_host_key_checking may be 'yes', 'no' or 'ask' and is set to <#{Regexp.escape(value.to_s)}>\./)
end end
end end
end end

6
templates/ssh_config.erb
View File

@ -96,7 +96,7 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
<% if @ssh_config_macs -%> <% if @ssh_config_macs -%>
MACs <%= @ssh_config_macs.join(',') %> MACs <%= @ssh_config_macs.join(',') %>
<% end -%> <% end -%>
<% if @ssh_enable_ssh_keysign -%> <% if not @ssh_enable_ssh_keysign.nil? -%>
# EnableSSHKeysign no # EnableSSHKeysign no
EnableSSHKeysign yes EnableSSHKeysign <%= @ssh_enable_ssh_keysign %>
<% end -%> <% end -%>