Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

sshd (9) Versions 1.2.1

Installs/Configures sshd

Berkshelf/Librarian
Policyfile
Knife
cookbook 'sshd', '= 1.2.1'
cookbook 'sshd', '= 1.2.1', :supermarket
knife cookbook site install sshd
knife cookbook site download sshd
README
Dependencies
Changelog
Quality 0%

Description

This cookbook maintains the openssh server.

Unlike other sshd cookbooks, this cookbook respects the default settings of the current operating systems, unless these settings are explicitly overwritten.

This cookbook takes (or at least tries to) the default sshd configruation of the distribution you are using as a default. Then you can overwrite specific settings.

See below for the default settings.

Attributes

You can specify the package that installs sshd, using the following attribute. There's defaults for most linux distributions.

node['sshd']['package']      # package to install openssh-server

The following settings will be filled in using the defaults of the distribution you're using, unless you overwrite it in your node configuration / definition

node['sshd']['config_file']  # path to sshd_config
node['sshd']['service_name'] # sshd service name

You can specify every configuration option that openssh-server supports in the sshd_config attribute. The settings you specify will be merged with the distributions default settings.

node['sshd']['sshd_config']['Port'] = 22

Conditional blocks are defined using hashes

node['sshd']['sshd_config']['Match']['User fred']['X11Forwarding'] = 'no'
node['sshd']['sshd_config']['Match'] = {
  'User john' => {
    'ChrootDirectory' => '/srv',
    'ForceCommand' => 'internal-sftp',
    'AllowTcpForwarding' => 'no',
    'X11Forwarding' => 'no'
  }
}

Some configuration options can be specified multiple times. You can reflect this using an array

node['sshd']['sshd_config']['HostKey'] = %w{key1 key2}

Recipes

default

Runs the install recipe, then configures openssh-server according to the node attributes.

install

Just installs openssh-server without configuring it, as well as enabling and starting the daemon.

Definitions

You can also maintain openssh-server using the definition. This is the recommended way.

To use the definition, make sure your metadata.rb includes

depends 'sshd'

openssh_server

To install and configure openssh-server from other recipes, use the following definition:

openssh_server node['sshd']['config_file']

or, if you need a configuration which differs from the default

openssh_server '/etc/sshd_config' do
  Port 1234
  X11Forward 'no'
end

The definition accepts all configuration options sshd_config supports.

openssh_server node['sshd']['config_file'] do
  Port        1234
  X11Forward  'yes'

  # To specify an option multiple times, use an array
  HostKey     %w{/etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key}

  # For conditional blocks, use a hash
  Match       'User fred' => { 'X11Forwarding' => 'no' },
              'User john' => {
                'ChrootDirectory' => '/srv',
                'ForceCommand' => 'internal-sftp',
                'AllowTcpForwarding' => 'no',
                'X11Forwarding' => 'no'
              }
end

In case you need it, you can also use a custom template to use for sshd_config

openssh_server node['sshd']['config_file'] do
  cookbook 'mycookbook'
  source   'mytemplate.erb'
end

Default sshd_config settings

The following options are set by default

Port 22
Protocol 2
AcceptEnv LANG LC_*
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
PasswordAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
UsePAM yes

Plus, on debian/ubuntu machines

SyslogFacility AUTH
GSSAPIAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server

And on centos/compatible machines

SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server

Contributing

You fixed a bug, or added a new feature? Yippie!

  1. Fork the repository on Github
  2. Create a named feature branch (like add\_component\_x)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

Contributions of any sort are very welcome!

License and Authors

Authors: Chris Aumann me@chr4.org Contributors: Jeremy Olliver jeremy.olliver@gmail.com, Andy Thompson <

sshd CHANGELOG

This file is used to list changes made in each version of the sshd cookbook.

1.2.1

  • Use attribute bracket syntax (required for Chef 13)

1.2.0

  • Remove workaround for chef-client < 11.14, as it breaks Ubuntu Xenial 16.04 LTS

1.1.3

  • Fixes a bug in configuration test

1.1.2

  • Check sshd_config before restarting sshd service

1.1.1

  • Fix default XMODIFIERS for RHEL
  • Add default attributes for OS X

1.1.0

  • Add workaround to set service provider to Upstart on recent Ubuntus (until chef-client is fixed)

1.0.1

  • Add support for Ed25519 HostKeys

1.0.0

  • Initial release of sshd

Collaborator Number Metric
            

1.2.1 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Foodcritic Metric
            

1.2.1 failed this metric

FC015: Consider converting definition to a Custom Resource: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/definitions/openssh_server.rb:1
FC064: Ensure issues_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1
FC065: Ensure source_url is set in metadata: /tmp/fb4bc2ad49e9e4a1bb3a86ed/sshd/metadata.rb:1