Expose PermitTunnel from sshd_config
This commit is contained in:
Andrei Brezan
Andrei Brezan
parent
aacf3a7470
commit
e044e4c89f
12
README.md
12
README.md
@ -435,6 +435,18 @@ network goes down or the client host crashes. This avoids infinitely hanging se
|
||||
|
||||
- *Default*: 'yes'
|
||||
|
||||
sshd_config_permittunnel
|
||||
-----------------------
|
||||
PermitTunnel in sshd_config.
|
||||
Specifies whether tun(4) device forwarding is allowed. The argument must be
|
||||
'yes', 'point-to-point' (layer 3), 'ethernet' (layer 2), or 'no'.
|
||||
Specifying 'yes' permits both 'point-to-point' and 'ethernet'. The
|
||||
default is 'no'.
|
||||
Independent of this setting, the permissions of the selected tun(4) device must
|
||||
allow access to the user.
|
||||
|
||||
- *Default*: 'no'
|
||||
|
||||
sshd_config_ciphers
|
||||
-------------------
|
||||
Array of ciphers for the Ciphers setting in sshd_config.
|
||||
|
||||
@ -106,6 +106,7 @@ class ssh (
|
||||
$manage_root_ssh_config = false,
|
||||
$root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
|
||||
$sshd_config_tcp_keepalive = 'yes',
|
||||
$sshd_config_permittunnel = 'no',
|
||||
) {
|
||||
|
||||
case $::osfamily {
|
||||
@ -764,6 +765,9 @@ class ssh (
|
||||
}
|
||||
|
||||
validate_re($sshd_config_tcp_keepalive, '^(yes|no)$', "ssh::sshd_config_tcp_keepalive may be either 'yes' or 'no' and is set to <${sshd_config_tcp_keepalive}>.")
|
||||
|
||||
validate_re($sshd_config_permittunnel, '^(yes|no|point-to-point|ethernet)$', "ssh::sshd_config_permittunnel may be either 'yes', 'point-to-point', 'ethernet' or 'no' and is set to <${sshd_config_permittunnel}>.")
|
||||
|
||||
package { $packages_real:
|
||||
ensure => installed,
|
||||
source => $ssh_package_source_real,
|
||||
|
||||
@ -430,6 +430,7 @@ describe 'ssh' do
|
||||
'2001:db8::dead:f00d',
|
||||
],
|
||||
:sshd_config_tcp_keepalive => 'yes',
|
||||
:sshd_config_permittunnel => 'no',
|
||||
}
|
||||
end
|
||||
|
||||
@ -496,6 +497,7 @@ describe 'ssh' do
|
||||
it { should contain_file('sshd_config').with_content(/^\s*AllowGroups ssh security$/) }
|
||||
it { should contain_file('sshd_config').with_content(/^ListenAddress 192.168.1.1\nListenAddress 2001:db8::dead:f00d$/) }
|
||||
it { should contain_file('sshd_config').with_content(/^TCPKeepAlive yes$/) }
|
||||
it { should contain_file('sshd_config').with_content(/^PermitTunnel no$/) }
|
||||
|
||||
it {
|
||||
should contain_file('sshd_banner').with({
|
||||
@ -908,6 +910,26 @@ describe 'ssh' do
|
||||
end
|
||||
end
|
||||
|
||||
describe 'sshd_config_permittunnel param' do
|
||||
['yes','point-to-point','ethernet','no'].each do |value|
|
||||
context "set to #{value}" do
|
||||
let (:params) { { :sshd_config_permittunnel => value } }
|
||||
|
||||
it { should contain_file('sshd_config').with_content(/^PermitTunnel #{value}$/) }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when set to an invalid value' do
|
||||
let (:params) { { :sshd_config_permittunnel => 'invalid' } }
|
||||
|
||||
it 'should fail' do
|
||||
expect {
|
||||
should contain_class('ssh')
|
||||
}.to raise_error(Puppet::Error,/ssh::sshd_config_permittunnel may be either \'yes\', \'point-to-point\', \'ethernet\' or \'no\' and is set to <invalid>\./)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'with manage_root_ssh_config set to invalid value on valid osfamily' do
|
||||
let(:params) { { :manage_root_ssh_config => 'invalid' } }
|
||||
|
||||
|
||||
1
spec/fixtures/sshd_config_debian
vendored
1
spec/fixtures/sshd_config_debian
vendored
@ -127,6 +127,7 @@ UseDNS yes
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
1
spec/fixtures/sshd_config_rhel
vendored
1
spec/fixtures/sshd_config_rhel
vendored
@ -127,6 +127,7 @@ UseDNS yes
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
1
spec/fixtures/sshd_config_sles_12_x86_64
vendored
1
spec/fixtures/sshd_config_sles_12_x86_64
vendored
@ -127,6 +127,7 @@ UseDNS yes
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
1
spec/fixtures/sshd_config_solaris
vendored
1
spec/fixtures/sshd_config_solaris
vendored
@ -114,6 +114,7 @@ ClientAliveCountMax 3
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
1
spec/fixtures/sshd_config_suse_i386
vendored
1
spec/fixtures/sshd_config_suse_i386
vendored
@ -127,6 +127,7 @@ UseDNS yes
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
1
spec/fixtures/sshd_config_suse_x86_64
vendored
1
spec/fixtures/sshd_config_suse_x86_64
vendored
@ -127,6 +127,7 @@ UseDNS yes
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
1
spec/fixtures/sshd_config_ubuntu1604
vendored
1
spec/fixtures/sshd_config_ubuntu1604
vendored
@ -130,6 +130,7 @@ UseDNS yes
|
||||
#MaxSessions 10
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
|
||||
# no default banner path
|
||||
|
||||
@ -194,6 +194,7 @@ MaxSessions <%= @sshd_config_maxsessions %>
|
||||
<% end -%>
|
||||
|
||||
#PermitTunnel no
|
||||
PermitTunnel <%= @sshd_config_permittunnel %>
|
||||
<% if @sshd_config_chrootdirectory -%>
|
||||
ChrootDirectory <%= @sshd_config_chrootdirectory %>
|
||||
<% else -%>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user