cookbook 'sshd', '= 1.3.1'
Installs/Configures sshd
cookbook 'sshd', '= 1.3.1', :supermarket
knife supermarket install sshd
knife supermarket download sshd
Description
This cookbook maintains the openssh server.
Unlike other sshd cookbooks, this cookbook respects the default settings of the
current operating systems, unless these settings are explicitly overwritten.
This cookbook takes (or at least tries to take) the default sshd configuration of the
distribution you are using as a default. Then you can overwrite specific
settings.
See below for the default settings.
Attributes
You can specify the package that installs sshd, using the following attribute.
There are defaults for most Linux distributions.
node['sshd']['package'] # Package to install openssh-server
The following settings will be filled in using the defaults of the distribution you're using, unless you overwrite them in your node configuration / definition.
node['sshd']['sshd_path'] # Path to sshd executable
node['sshd']['config_file'] # Path to sshd_config
node['sshd']['sshd_config_mode'] # File mode of sshd_config
node['sshd']['service_name'] # OpenSSH service name
You can specify every configuration option that openssh-server supports in the
sshd_config attribute. The settings you specify will be merged with the
distribution's default settings.
node['sshd']['sshd_config']['Port'] = 22
Conditional blocks are defined using hashes
node['sshd']['sshd_config']['Match']['User fred']['X11Forwarding'] = 'no'
node['sshd']['sshd_config']['Match'] = {
  'User john' => {
    'ChrootDirectory' => '/srv',
    'ForceCommand' => 'internal-sftp',
    'AllowTcpForwarding' => 'no',
    'X11Forwarding' => 'no'
  }
}
Some configuration options can be specified multiple times. You can reflect this
using an array
node['sshd']['sshd_config']['HostKey'] = %w(key1 key2)
Recipes
default
Runs the install recipe, then configures openssh-server according to the node attributes.
install
Just installs openssh-server without configuring it, as well as enabling and starting the daemon.
Definitions
You can also maintain openssh-server using the definition. This is the
recommended way.
To use the definition, make sure your metadata.rb includes
depends 'sshd'
openssh_server
To install and configure openssh-server from other recipes, use the following definition:
openssh_server node['sshd']['config_file']
or, if you need a configuration which differs from the default
openssh_server '/etc/sshd_config' do
  Port 1234
  X11Forwarding 'no'
end
The definition accepts all configuration options sshd_config supports.
openssh_server node['sshd']['config_file'] do
  Port 1234
  X11Forwarding 'yes'
  # To specify an option multiple times, use an array
  HostKey %w(/etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key)
  # For conditional blocks, use a hash
  Match 'User fred' => { 'X11Forwarding' => 'no' },
        'User john' => {
          'ChrootDirectory' => '/srv',
          'ForceCommand' => 'internal-sftp',
          'AllowTcpForwarding' => 'no',
          'X11Forwarding' => 'no'
        }
end
In case you need it, you can also use a custom template for sshd_config
openssh_server node['sshd']['config_file'] do
  cookbook 'mycookbook'
  source 'mytemplate.erb'
end
Default sshd_config settings
The following options are set by default
Port 22
Protocol 2
AcceptEnv LANG LC_*
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
PasswordAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
UsePAM yes
Plus, on debian/ubuntu machines
SyslogFacility AUTH
GSSAPIAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server
And on centos/compatible machines
SyslogFacility AUTHPRIV
GSSAPIAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
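The defaults listed above leave password logins, X11 forwarding and the DSA host key enabled, so overrides are where a node gets tightened. The following Ruby sketch is an added example, not the cookbook's own code: it shows how a hash of overrides combines with those defaults and how arrays and Match hashes end up in the rendered file. The merge rule, the helper names and the override values are assumptions made for illustration.

```ruby
# Added illustration; not the cookbook's template code.
# Defaults copied from the list above (abridged).
DEFAULTS = {
  'Port' => 22,
  'Protocol' => 2,
  'HostKey' => %w(/etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key
                  /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key),
  'PasswordAuthentication' => 'yes',
  'X11Forwarding' => 'yes',
  'UsePAM' => 'yes'
}.freeze

# Assumed merge rule: an override replaces the default for the same keyword;
# Match conditions are merged per condition.
def merge_config(defaults, overrides)
  defaults.merge(overrides) do |key, default, override|
    key == 'Match' && default.is_a?(Hash) ? default.merge(override) : override
  end
end

# Arrays become repeated keywords, the Match hash becomes conditional blocks.
# Match blocks are written last: sshd applies every line after a Match line
# to that block until the next Match or the end of the file.
def render(config)
  global = config.reject { |k, _| k == 'Match' }
  lines = global.flat_map { |k, v| Array(v).map { |e| "#{k} #{e}" } }
  (config['Match'] || {}).each do |condition, opts|
    lines << "Match #{condition}"
    opts.each { |k, v| Array(v).each { |e| lines << "  #{k} #{e}" } }
  end
  lines.join("\n") + "\n"
end

# Constructed overrides: key-only logins, no DSA host key, SFTP-only user.
OVERRIDES = {
  'PasswordAuthentication' => 'no',
  'X11Forwarding' => 'no',
  'HostKey' => %w(/etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key),
  'Match' => {
    'User john' => {
      'ChrootDirectory' => '/srv',
      'ForceCommand' => 'internal-sftp',
      'AllowTcpForwarding' => 'no'
    }
  }
}.freeze

RENDERED = render(merge_config(DEFAULTS, OVERRIDES))
puts RENDERED
```

Running `sshd -t -f <file>` against the rendered output is the usual way to confirm that every keyword is accepted before the service is restarted.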
Contributing
You fixed a bug, or added a new feature? Yippie!
- Fork the repository on Github
- Create a named feature branch (like add_component_x)
- Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
Contributions of any sort are very welcome!
License and Authors
Authors: Chris Aumann me@chr4.org
Contributors: Jeremy Olliver, Andy Thompson, Peter Walz, Kevin Olbrich
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
sshd CHANGELOG
This file is used to list changes made in each version of the sshd cookbook.
1.3.1
- Add support to set sshd_config file mode, default to 600 on RHEL
1.3.0
- The install recipe was removed, package installation migrated to the default recipe.
- Duplicate service resource warning was mitigated by removing the (probably useless) service definition in the install recipe.
- Fix issue with sshd binary path on RHEL. (Thanks Peter Walz)
- Add support for multiple Port options (Thanks Kevin Olbrich)
- Fix an issue when both Port and ListenAddress are specified (Thanks Kevin Olbrich)
- Remove a workaround for chef-client < 11.14 that was overlooked in the 1.2.0 release.
1.2.1
- Use attribute bracket syntax (required for Chef 13)
1.2.0
- Remove workaround for chef-client < 11.14, as it breaks Ubuntu Xenial 16.04 LTS
1.1.3
- Fixes a bug in configuration test
1.1.2
- Check sshd_config before restarting sshd service
1.1.1
- Fix default XMODIFIERS for RHEL
- Add default attributes for OS X
1.1.0
- Add workaround to set service provider to Upstart on recent Ubuntus (until chef-client is fixed)
1.0.1
- Add support for Ed25519 HostKeys
1.0.0
- Initial release of sshd
Collaborator Number Metric
1.3.1 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.3.1 failed this metric
FC066: Ensure chef_version is set in metadata: sshd/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: sshd/metadata.rb:1
FC069: Ensure standardized license defined in metadata: sshd/metadata.rb:1
Run with Foodcritic Version 14.0.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.3.1 passed this metric
Testing File Metric
1.3.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.3.1 passed this metric