Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms


sshd (9) Versions 1.2.1

Installs/Configures sshd

cookbook 'sshd', '= 1.2.1'
cookbook 'sshd', '= 1.2.1', :supermarket
knife cookbook site install sshd
knife cookbook site download sshd
Quality 0%


This cookbook maintains the openssh server.

Unlike other sshd cookbooks, this cookbook respects the default settings of the current operating systems, unless these settings are explicitly overwritten.

This cookbook takes (or at least tries to) the default sshd configruation of the distribution you are using as a default. Then you can overwrite specific settings.

See below for the default settings.


You can specify the package that installs sshd, using the following attribute. There's defaults for most linux distributions.

node['sshd']['package']      # package to install openssh-server

The following settings will be filled in using the defaults of the distribution you're using, unless you overwrite it in your node configuration / definition

node['sshd']['config_file']  # path to sshd_config
node['sshd']['service_name'] # sshd service name

You can specify every configuration option that openssh-server supports in the sshd_config attribute. The settings you specify will be merged with the distributions default settings.

node['sshd']['sshd_config']['Port'] = 22

Conditional blocks are defined using hashes

node['sshd']['sshd_config']['Match']['User fred']['X11Forwarding'] = 'no'
node['sshd']['sshd_config']['Match'] = {
  'User john' => {
    'ChrootDirectory' => '/srv',
    'ForceCommand' => 'internal-sftp',
    'AllowTcpForwarding' => 'no',
    'X11Forwarding' => 'no'

Some configuration options can be specified multiple times. You can reflect this using an array

node['sshd']['sshd_config']['HostKey'] = %w{key1 key2}



Runs the install recipe, then configures openssh-server according to the node attributes.


Just installs openssh-server without configuring it, as well as enabling and starting the daemon.


You can also maintain openssh-server using the definition. This is the recommended way.

To use the definition, make sure your metadata.rb includes

depends 'sshd'


To install and configure openssh-server from other recipes, use the following definition:

openssh_server node['sshd']['config_file']

or, if you need a configuration which differs from the default

openssh_server '/etc/sshd_config' do
  Port 1234
  X11Forward 'no'

The definition accepts all configuration options sshd_config supports.

openssh_server node['sshd']['config_file'] do
  Port        1234
  X11Forward  'yes'

  # To specify an option multiple times, use an array
  HostKey     %w{/etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key}

  # For conditional blocks, use a hash
  Match       'User fred' => { 'X11Forwarding' => 'no' },
              'User john' => {
                'ChrootDirectory' => '/srv',
                'ForceCommand' => 'internal-sftp',
                'AllowTcpForwarding' => 'no',
                'X11Forwarding' => 'no'

In case you need it, you can also use a custom template to use for sshd_config

openssh_server node['sshd']['config_file'] do
  cookbook 'mycookbook'
  source   'mytemplate.erb'

Default sshd_config settings

The following options are set by default

Port 22
Protocol 2
AcceptEnv LANG LC_*
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
PasswordAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
UsePAM yes

Plus, on debian/ubuntu machines

SyslogFacility AUTH
GSSAPIAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server

And on centos/compatible machines

SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server


You fixed a bug, or added a new feature? Yippie!

  1. Fork the repository on Github
  2. Create a named feature branch (like add\_component\_x)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

Contributions of any sort are very welcome!

License and Authors

Authors: Chris Aumann Contributors: Jeremy Olliver, Andy Thompson <


This file is used to list changes made in each version of the sshd cookbook.


  • Use attribute bracket syntax (required for Chef 13)


  • Remove workaround for chef-client < 11.14, as it breaks Ubuntu Xenial 16.04 LTS


  • Fixes a bug in configuration test


  • Check sshd_config before restarting sshd service


  • Fix default XMODIFIERS for RHEL
  • Add default attributes for OS X


  • Add workaround to set service provider to Upstart on recent Ubuntus (until chef-client is fixed)


  • Add support for Ed25519 HostKeys


  • Initial release of sshd

Collaborator Number Metric

1.2.1 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Foodcritic Metric

1.2.1 failed this metric

FC015: Consider converting definition to a Custom Resource: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/definitions/openssh_server.rb:1
FC064: Ensure issues_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1
FC065: Ensure source_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1