cookbook 'sshd', '= 1.2.1'
sshd (13) Versions 1.2.1 Follow29
Installs/Configures sshd
cookbook 'sshd', '= 1.2.1', :supermarket
knife supermarket install sshd
knife supermarket download sshd
Description
This cookbook maintains the openssh server.
Unlike other sshd cookbooks, this cookbook respects the default settings of the
current operating systems, unless these settings are explicitly overwritten.
This cookbook takes (or at least tries to) the default sshd configruation of the
distribution you are using as a default. Then you can overwrite specific
settings.
See below for the default settings.
Attributes
You can specify the package that installs sshd, using the following attribute.
There's defaults for most linux distributions.
node['sshd']['package'] # package to install openssh-server
The following settings will be filled in using the defaults of the distribution you're using, unless you overwrite it in your node configuration / definition
node['sshd']['config_file'] # path to sshd_config node['sshd']['service_name'] # sshd service name
You can specify every configuration option that openssh-server supports in the
sshd_config
attribute. The settings you specify will be merged with the
distributions default settings.
node['sshd']['sshd_config']['Port'] = 22
Conditional blocks are defined using hashes
node['sshd']['sshd_config']['Match']['User fred']['X11Forwarding'] = 'no' node['sshd']['sshd_config']['Match'] = { 'User john' => { 'ChrootDirectory' => '/srv', 'ForceCommand' => 'internal-sftp', 'AllowTcpForwarding' => 'no', 'X11Forwarding' => 'no' } }
Some configuration options can be specified multiple times. You can reflect this
using an array
node['sshd']['sshd_config']['HostKey'] = %w{key1 key2}
Recipes
default
Runs the install recipe, then configures openssh-server according to the node attributes.
install
Just installs openssh-server without configuring it, as well as enabling and starting the daemon.
Definitions
You can also maintain openssh-server using the definition. This is the
recommended way.
To use the definition, make sure your metadata.rb includes
depends 'sshd'
openssh_server
To install and configure openssh-server from other recipes, use the following definition:
openssh_server node['sshd']['config_file']
or, if you need a configuration which differs from the default
openssh_server '/etc/sshd_config' do Port 1234 X11Forward 'no' end
The definition accepts all configuration options sshd_config
supports.
openssh_server node['sshd']['config_file'] do Port 1234 X11Forward 'yes' # To specify an option multiple times, use an array HostKey %w{/etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key} # For conditional blocks, use a hash Match 'User fred' => { 'X11Forwarding' => 'no' }, 'User john' => { 'ChrootDirectory' => '/srv', 'ForceCommand' => 'internal-sftp', 'AllowTcpForwarding' => 'no', 'X11Forwarding' => 'no' } end
In case you need it, you can also use a custom template to use for sshd_config
openssh_server node['sshd']['config_file'] do cookbook 'mycookbook' source 'mytemplate.erb' end
Default sshd_config settings
The following options are set by default
Port 22
Protocol 2
AcceptEnv LANG LC_*
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
PasswordAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
UsePAM yes
Plus, on debian/ubuntu machines
SyslogFacility AUTH
GSSAPIAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server
And on centos/compatible machines
SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Contributing
You fixed a bug, or added a new feature? Yippie!
- Fork the repository on Github
- Create a named feature branch (like
add\_component\_x
) - Write you change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
Contributions of any sort are very welcome!
License and Authors
Authors: Chris Aumann me@chr4.org
Contributors: Jeremy Olliver jeremy.olliver@gmail.com, Andy Thompson <
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
sshd CHANGELOG
This file is used to list changes made in each version of the sshd cookbook.
1.2.1
- Use attribute bracket syntax (required for Chef 13)
1.2.0
- Remove workaround for chef-client < 11.14, as it breaks Ubuntu Xenial 16.04 LTS
1.1.3
- Fixes a bug in configuration test
1.1.2
- Check
sshd_config
before restarting sshd service
1.1.1
- Fix default XMODIFIERS for RHEL
- Add default attributes for OS X
1.1.0
- Add workaround to set service provider to Upstart on recent Ubuntus (until chef-client is fixed)
1.0.1
- Add support for Ed25519 HostKeys
1.0.0
- Initial release of sshd
Collaborator Number Metric
1.2.1 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Foodcritic Metric
1.2.1 failed this metric
FC015: Consider converting definition to a Custom Resource: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/definitions/openssh_server.rb:1
FC064: Ensure issues_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1
FC065: Ensure source_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1
1.2.1 failed this metric
1.2.1 failed this metric
FC015: Consider converting definition to a Custom Resource: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/definitions/openssh_server.rb:1
FC064: Ensure issues_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1
FC065: Ensure source_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1