From 31397a0f1875be9e9f81a5f8c2881f263c4f1222 Mon Sep 17 00:00:00 2001 From: Garrett Honeycutt Date: Sat, 2 Nov 2013 13:59:27 +0100 Subject: [PATCH 1/2] Add Debian 7 support Thank you, for5min, for testing this out and verifying that the package names are the same between Debian 7 and Ubuntu 12.04 LTS. --- README.md | 1 + manifests/init.pp | 15 ++++--------- spec/classes/init_spec.rb | 46 ++++++++++++++++++++------------------- 3 files changed, 29 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 6148fef..e6bfc03 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ The module uses exported resources to manage ssh keys and removes ssh keys that This module has been tested to work on the following systems with Puppet v3. + * Debian 7 * EL 5 * EL 6 * SLES 11 diff --git a/manifests/init.pp b/manifests/init.pp index 9549efd..32c0cb8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -116,17 +116,10 @@ class ssh ( } } 'Debian': { - case $::operatingsystem { - 'Ubuntu': { - $default_packages = [ 'openssh-server', - 'openssh-client'] - $default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server' - $default_service_name = 'ssh' - } - default: { - fail("ssh supports Debian variant Ubuntu. Your osfamily is <${::osfamily}> and operatingsystem is <${::operatingsystem}>.") - } - } + $default_packages = [ 'openssh-server', + 'openssh-client'] + $default_sshd_config_subsystem_sftp = '/usr/lib/openssh/sftp-server' + $default_service_name = 'ssh' } default: { fail("ssh supports osfamilies RedHat, Suse and Debian. Detected osfamily is <${::osfamily}>.") diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 2da6a95..b485a54 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
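Review bot: In the manifests/init.pp hunk, the `'Debian'` branch now applies the `openssh-server`/`openssh-client` package names, the `/usr/lib/openssh/sftp-server` path and the `ssh` service name to every system that reports osfamily Debian. The commit message records verification only for Debian 7 and Ubuntu 12.04 LTS. With the inner `case $::operatingsystem` and its `fail()` removed, an untested derivative is no longer stopped with a clear message. I would add a comment above the assignments, such as `# Verified on Debian 7 and Ubuntu 12.04 LTS; other osfamily Debian systems are assumed to match.` The enclosing class body starts and ends outside the hunk.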
@@ -82,29 +82,11 @@ describe 'ssh' do } end - context 'with default params on osfamily Debian operatingsystem Debian' do + context 'with default params on osfamily Debian' do let :facts do { :fqdn => 'monkey.example.com', :osfamily => 'Debian', - :operatingsystem => 'Debian', - :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' - } - end - - it 'should fail' do - expect { - should include_class('ssh') - }.to raise_error(Puppet::Error,/ssh supports Debian variant Ubuntu. Your osfamily is and operatingsystem is ./) - end - end - - context 'with default params on osfamily Debian operatingsystem Ubuntu' do - let :facts do - { - :fqdn => 'monkey.example.com', - :osfamily => 'Debian', - :operatingsystem => 'Ubuntu', :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' } end 
@@ -345,7 +327,27 @@ describe 'ssh' do } end - context 'with optional params used in ssh_config set on osfamily RedHat' do + context 'with default params on invalid osfamily' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'C64', + :root_home => '/root', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let :params do + { :manage_root_ssh_config => 'invalid' } + end + + it 'should fail' do + expect { + should include_class('ssh') + }.to raise_error(Puppet::Error,/ssh supports osfamilies RedHat, Suse and Debian. Detected osfamily is ./) + end + end + + context 'with optional params used in ssh_config set on valid osfamily' do let :facts do { :fqdn => 'monkey.example.com', @@ -381,7 +383,7 @@ describe 'ssh' do it { should contain_file('ssh_config').with_content(/^ SendEnv XMODIFIERS$/) } end - context 'with params used in sshd_config set on osfamily RedHat' do + context 'with params used in sshd_config set on valid osfamily' do let :facts do { :fqdn => 'monkey.example.com', @@ -608,7 +610,7 @@ describe 'ssh' do end end - context 'with ssh_config_sendenv_xmodifiers set to stringified true' do + context 'with ssh_config_sendenv_xmodifiers set to stringified \'true\'' do let :facts do { :fqdn => 'monkey.example.com', From 3dfa15ef6b57ad1cdb361324fae4c91273be5ddb Mon Sep 17 00:00:00 2001 
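Review bot: The new context 'with default params on invalid osfamily' also sets `:manage_root_ssh_config => 'invalid'`, so it does not run with default params and has two independent reasons to fail. The expectation matches only the osfamily message, so the test passes only if the osfamily check fires before that parameter is validated; that ordering lives in manifests/init.pp outside this hunk. Dropping the `let :params do ... end` block would make the context test exactly what its name says.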
From: Garrett Honeycutt Date: Sat, 2 Nov 2013 14:14:18 +0100 Subject: [PATCH 2/2] Add ability to specify listen port for sshd This patch allows you to specify a non-standard port for sshd. --- README.md | 6 ++++++ manifests/init.pp | 2 ++ spec/classes/init_spec.rb | 25 +++++++++++++++++++++++++ templates/sshd_config.erb | 1 + 4 files changed, 34 insertions(+) diff --git a/README.md b/README.md index e6bfc03..af658b8 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,12 @@ sshd_config's mode. - *Default*: '0600' +sshd_config_port +--------------------------- +String to specify listen port for sshd. Port option in sshd_config. + +- *Default*: 22 + sshd_config_syslog_facility --------------------------- SyslogFacility option in sshd_config. diff --git a/manifests/init.pp b/manifests/init.pp index 32c0cb8..f7b35f8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,6 +19,7 @@ class ssh ( $sshd_config_owner = 'root', $sshd_config_group = 'root', $sshd_config_mode = '0600', + $sshd_config_port = '22', $sshd_config_syslog_facility = 'AUTH', $sshd_config_login_grace_time = '120', $sshd_config_challenge_resp_auth = 'no', @@ -45,6 +46,7 @@ class ssh ( ) { # validate params + validate_re($sshd_config_port, '^\d+$', "sshd_config_port must be a valid number and is set to <${sshd_config_port}>") validate_re($sshd_password_authentication, '^(yes|no)$', "sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.") validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.") validate_re($sshd_x11_forwarding, '^(yes|no)$', "sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.") diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index b485a54..ab766fc 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
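Review bot: The new `validate_re($sshd_config_port, '^\d+$', ...)` in manifests/init.pp uses line anchors, and in Ruby regular expressions `^` and `$` match at every line boundary. A multi-line value passes as long as one of its lines is all digits. The templates/sshd_config.erb hunk then writes the whole value with `Port <%= @sshd_config_port %>`, so any extra lines would land in sshd_config as directives of their own. Anchoring the whole string closes this: `validate_re($sshd_config_port, '\A\d+\z', "sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")`. The pattern also accepts values outside 1-65535, which would only surface when sshd reads the file, so a range check is worth adding next to it.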
@@ -49,6 +49,7 @@ describe 'ssh' do }) } + it { should contain_file('sshd_config').with_content(/^Port 22$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } @@ -130,6 +131,7 @@ describe 'ssh' do }) } + it { should contain_file('sshd_config').with_content(/^Port 22$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } @@ -212,6 +214,7 @@ describe 'ssh' do }) } + it { should contain_file('sshd_config').with_content(/^Port 22$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } @@ -294,6 +297,7 @@ describe 'ssh' do }) } + it { should contain_file('sshd_config').with_content(/^Port 22$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility AUTH$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 120$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin yes$/) } @@ -393,6 +397,7 @@ describe 'ssh' do end let :params do { + :sshd_config_port => '22222', :sshd_config_syslog_facility => 'DAEMON', :sshd_config_login_grace_time => '60', :permit_root_login => 'no', @@ -421,6 +426,7 @@ describe 'ssh' do }) } + it { should contain_file('sshd_config').with_content(/^Port 22222$/) } it { should contain_file('sshd_config').with_content(/^SyslogFacility DAEMON$/) } it { should contain_file('sshd_config').with_content(/^LoginGraceTime 60$/) } it { should contain_file('sshd_config').with_content(/^PermitRootLogin no$/) } 
@@ -476,6 +482,25 @@ describe 'ssh' do } end + context 'with sshd_config_port not being a valid number' do + let :facts do + { + :fqdn => 'monkey.example.com', + :osfamily => 'RedHat', + :sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ==' + } + end + let :params do + { :sshd_config_port => '22invalid' } + end + + it 'should fail' do + expect { + should include_class('ssh') + }.to raise_error(Puppet::Error,/sshd_config_port must be a valid number and is set to <22invalid>./) + end + end + context 'with manage_root_ssh_config set to invalid value on valid osfamily' do let :facts do { diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 3595f50..5d5849a 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -14,6 +14,7 @@ # default value. #Port 22 +Port <%= @sshd_config_port %> #Protocol 2,1 Protocol 2 #AddressFamily any
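Review bot: The only negative case in the 'with sshd_config_port not being a valid number' context is `'22invalid'`, which leaves the inputs that matter for the rendered file untested. Missing are a value containing a newline and a numeric value outside 1-65535 such as `'0'` or `'65536'`. Both currently get past the `'^\d+$'` check in manifests/init.pp, so adding contexts for them would pin the validation once it is tightened. Separately, the expected message ends in `<22invalid>./` while the manifest string has no trailing period. The `.` therefore matches whatever Puppet appends after the message; ending the pattern at `<22invalid>/` (or adding the period to the manifest message, as the sibling `validate_re` messages have) would make the assertion exact.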