cookbook 'openssh', '= 1.6.0'
openssh
(70) Versions
1.6.0
-
-
2.11.13
-
2.11.12
-
2.11.11
-
2.11.10
-
2.11.9
-
2.11.8
-
2.11.7
-
2.11.6
-
2.11.5
-
2.11.4
-
2.11.3
-
2.11.2
-
2.11.1
-
2.11.0
-
2.10.18
-
2.10.17
-
2.10.16
-
2.10.15
-
2.10.14
-
2.10.13
-
2.10.12
-
2.10.11
-
2.10.10
-
2.10.9
-
2.10.8
-
2.10.7
-
2.10.6
-
2.10.5
-
2.10.4
-
2.10.3
-
2.10.2
-
2.10.1
-
2.10.0
-
2.9.2
-
2.9.1
-
2.9.0
-
2.8.1
-
2.8.0
-
2.7.1
-
2.7.0
-
2.6.3
-
2.6.2
-
2.6.1
-
2.6.0
-
2.5.0
-
2.4.1
-
2.4.0
-
2.3.1
-
2.3.0
-
2.2.0
-
2.1.1
-
2.1.0
-
2.0.0
-
1.6.1
-
1.6.0
-
1.5.2
-
1.5.0
-
1.4.0
-
1.3.4
-
1.3.2
-
1.3.0
-
1.2.2
-
1.2.0
-
1.1.4
-
1.1.2
-
1.1.0
-
1.0.0
-
0.8.0
-
0.7.2
-
0.7.0
Follow169
- 2.11.13
- 2.11.12
- 2.11.11
- 2.11.10
- 2.11.9
- 2.11.8
- 2.11.7
- 2.11.6
- 2.11.5
- 2.11.4
- 2.11.3
- 2.11.2
- 2.11.1
- 2.11.0
- 2.10.18
- 2.10.17
- 2.10.16
- 2.10.15
- 2.10.14
- 2.10.13
- 2.10.12
- 2.10.11
- 2.10.10
- 2.10.9
- 2.10.8
- 2.10.7
- 2.10.6
- 2.10.5
- 2.10.4
- 2.10.3
- 2.10.2
- 2.10.1
- 2.10.0
- 2.9.2
- 2.9.1
- 2.9.0
- 2.8.1
- 2.8.0
- 2.7.1
- 2.7.0
- 2.6.3
- 2.6.2
- 2.6.1
- 2.6.0
- 2.5.0
- 2.4.1
- 2.4.0
- 2.3.1
- 2.3.0
- 2.2.0
- 2.1.1
- 2.1.0
- 2.0.0
- 1.6.1
- 1.6.0
- 1.5.2
- 1.5.0
- 1.4.0
- 1.3.4
- 1.3.2
- 1.3.0
- 1.2.2
- 1.2.0
- 1.1.4
- 1.1.2
- 1.1.0
- 1.0.0
- 0.8.0
- 0.7.2
- 0.7.0
Installs and configures OpenSSH client and daemon
cookbook 'openssh', '= 1.6.0', :supermarket
knife supermarket install openssh
knife supermarket download openssh
openssh Cookbook
Installs and configures OpenSSH client and daemon.
Requirements
Platforms
- Debian/Ubuntu
- RHEL/CentOS/Scientific/Oracle
- Fedora
- ArchLinux
- FreeBSD
Chef
- Chef 11.6+
Cookbooks
- iptables
Recipes
default
Selects the packages to install by package name and manages the sshd service.
iptables
Set up an iptables firewall rule to allow inbound SSH connections.
Usage
Ensure that the openssh packages are installed and the service is managed with recipe[openssh]
.
Attributes List
The attributes list is dynamically generated, and lines up with the default openssh configs.
This means anything located in sshd_config or ssh_config can be used in your node attributes.
- If the option can be entered more then once, use an Array, otherwise, use a String. If the option is host-specific use a Hash
(please see below for more details).
- Each attribute is stored as ruby case, and converted to camel case for the config file on the fly.
- The current default attributes match the stock ssh_config
and sshd_config
provided by openssh.
- The namespace for sshd_config
is node['openssh']['server']
.
- Likewise, the namespace for ssh_config
is node['openssh']['client']
.
- An attribute can be an Array
, a Hash
or a String
.
- If it is an Array
, each item in the array will get it's own line in the config file.
- Hash
attributes are meant to used with ssh_config
namespace to create host-specific configurations. The keys of the Hash
will be used as the Host
entries and their associated entries as the configuration values.
- All the values in openssh are commented out in the attributes/default.rb
file for a base starting point.
- There is one special attribute name, which is match
. This is not included in the default template like the others. node['openssh']['server']['match']
must be a Hash, where the key is the match pattern criteria and the value should be a Hash of normal keywords and values. The same transformations listed above apply to these keywords. See examples below.
Dynamic ListenAddress
Pass in a Hash
of interface names, and IP address type(s) to bind sshd to. This will expand to a list of IP addresses which override the default node['openssh']['server']['listen_address']
value.
Examples and Common usage
These can be mixed and matched in roles and attributes. Please note, it is possible to get sshd into a state that it will not run. If this is the case, you will need to login via an alternate method and debug sshd like normal.
No Password logins
This requires use of identity files to connect
"openssh": { "server": { "password_authentication": "no" } }
Change sshd Port
"openssh": { "server": { "port": "14188" } }
Match
"openssh": { "server": { "match": { "Address 192.168.1.0/24": { "password_authentication": "yes" }, "Group admins": { "permit_tunnel": "yes", "max_sessions": "20" } } } }
Enable X Forwarding
"openssh": { "server": { "x11_forwarding": "yes" } }
Bind to a specific set of address (this example actually binds to all).
Not to be used with node['openssh']['listen_interfaces']
.
"openssh": { "server": { "address_family": "any", "listen_address": [ "192.168.0.1", "::" ] } } }
Bind to the addresses tied to a set of interfaces.
"openssh": { "listen_interfaces": { "eth0": "inet", "eth1": "inet6" } }
Host-specific configurations with hashes.
You can use a Hash
with node['openssh']['client']
to configure different values for different hosts.
"client": { "*": { "g_s_s_a_p_i_authentication": "yes", "send_env": "LANG LC_*", "hash_known_hosts": "yes" }, "localhost": { "user_known_hosts_file": "/dev/null", "strict_host_key_checking": "no" }, "127.0.0.1": { "user_known_hosts_file": "/dev/null", "strict_host_key_checking": "no" }, "other*": { "user_known_hosts_file": "/dev/null", "strict_host_key_checking": "no" } }
The keys are used as values with the Host
entries. So, the configuration fragment shown above generates:
Host * SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes Host localhost StrictHostKeyChecking no UserKnownHostsFile /dev/null Host 127.0.0.1 StrictHostKeyChecking no UserKnownHostsFile /dev/null Host other* StrictHostKeyChecking no UserKnownHostsFile /dev/null
License & Authors
Author: Cookbook Engineering Team (cookbooks@chef.io)
Copyright: 2008-2016, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
openssh Cookbook CHANGELOG
This file is used to list changes made in each version of the openssh cookbook.
1.6.0 (2016-01-14)
- Removed the default['openssh']['rootgroup'] attribute and instead use root_group which was introduced in Chef 11.6.0
- UseRoaming no is now set in the client config to resolve CVE-2016-0777 and CVE-2016-0778
- Converted bats integration test to 2 suites of Inspec tests
- Added a libary to sort sshd_config entries while keeping port at the top to prevent sshd from failing to start
1.5.2 (2015-06-29)
- Use the complete path to sshd when verifying the config file since sbin may not be in the path
1.5.0 (2015-06-24)
- Perform a config syntax check before restarting the sshd so we don't break remote access to hosts
- Add support for Ubuntu 15.04+ with systemd
- Added a chefignore file
- Added Gitter badge for asking questions in a Gitter chat room
1.4.0 (2015-05-01)
- #42 - Fixed support for SmartOS
- #46 - Correct ArchLinux service name
- #43 - Correct OpenSSH server package name on RHEL, Fedora
- #31 - Allow included iptables rule to use the same port number if defined in attributes.
- #41 - Fix default recipe order
- #47 - Fix up iptables rule
- #49 - Fixed the print_last_log attribute in the Readme
- Updated Test Kitchen config with all supported platforms
- Updated Test Kitchen / Foodcritic / Rubocop / Berkshelf depedencies in the Gemfile
- Replaced Travis Ruby 1.9.3/2.0.0 testing with 2.1.5/2.2.0
- Resolved all Rubocop warnings
v1.3.4 (2014-04-23)
- [COOK-4576] - No way to override
AuthorizedKeysFile
- [COOK-4584] - Use Upstart on Ubuntu 12.04
- [COOK-4585] - skip match block in template if empty or unset
- [COOK-4586] OpenSSH Gentoo support
v1.3.2
Bug
- COOK-3995 - sshd_config template needs ordering
- COOK-3910 - ssh fails to start in Ubuntu 13.10
- COOK-2073 - Add support for Match block
v1.3.0
Improvement
- COOK-3644 - Add FreeBSD support
- COOK-2517 - Add hash support
- COOK-2000 - Make mode of sshd_config a configurable option
Bug
v1.2.2
Bug
-
COOK-3304 - Fix error setting Dynamic
ListenAddresses
v1.2.0
Improvement
- [COOK-2647]:
port_ssh
iptables template has no corresponding recipe
v1.1.4
- [COOK-2225] - Add platform_family suse
v1.1.2
- [COOK-1954] - Fix attribute camel case to match
man sshd_config
- [COOK-1889] - SSH restarting on each chef run due to template changes
v1.1.0
- [COOK-1663] - Configurable ListenAddress based off list of interface names
- [COOK-1685] - Make default sshd_config value more robust
v1.0.0
- [COOK-1014] - Templates for ssh(d).conf files.
v0.8.1
- Current public release
Foodcritic Metric
1.6.0 passed this metric
1.6.0 passed this metric