diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 1bd2905..44bf5fa 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -7,14 +7,19 @@ $acceptenv = undef, $addressfamily = undef, $allowagentforwarding = undef, + $allowgroups = undef, + $allowstreamlocalforwarding = undef, $allowtcpforwarding = undef, $allowusers = undef, $authenticationmethods = undef, $authorizedkeyscommand = undef, $authorizedkeyscommanduser = undef, $authorizedkeysfile = undef, + $authorizedprincipalscommand = undef, + $authorizedprincipalscommanduser = undef, $authorizedprincipalsfile = undef, $banner = undef, + $casignaturealgorithms = undef, $challengeresponseauthentication = undef, $chrootdirectory = undef, $ciphers = undef, @@ -23,22 +28,29 @@ $compression = undef, $denygroups = undef, $denyusers = undef, + $disableforwarding = undef, $exposeauthinfo = undef, + $fingerprinthash = undef, $forcecommand = undef, $gatewayports = undef, $gssapiauthentication = undef, - $gssapikeyexchange = undef, $gssapicleanupcredentials = undef, + $gssapikeyexchange = undef, $gssapistorecredentialsonrekey = undef, $gssapistrictacceptorcheck = undef, + $hostbasedacceptedkeytypes = undef, $hostbasedauthentication = undef, $hostbasedusesnamefrompacketonly = undef, $hostcertificate = undef, + $hostkey = undef, + $hostkeyagent = undef, $hostkeyalgorithms = undef, $ignorerhosts = undef, $ignoreuserknownhosts = undef, $ipqos = undef, + $kbdinteractiveauthentication = undef, $kerberosauthentication = undef, + $kerberosgetafstoken = undef, $kerberosorlocalpasswd = undef, $kerberosticketcleanup = undef, $kexalgorithms = undef, @@ -51,10 +63,13 @@ $maxstartups = undef, $passwordauthentication = undef, $permitemptypasswords = undef, + $permitlisten = undef, $permitopen = undef, $permitrootlogin = 'no', + $permittty = undef, $permittunnel = undef, $permituserenvironment = undef, + $permituserrc = undef, $pidfile = undef, $port = '22', $printlastlog = undef, @@ -63,15 +78,20 @@ $pubkeyacceptedkeytypes = undef, $pubkeyauthentication = undef, $rdomain = undef, + $rekeylimit = undef, $revokedkeys = undef, $rhostsrsaauthentication = undef, $rsaauthentication = undef, $saclsupport = undef, $serverkeybits = undef, + $setenv = undef, + $streamlocalbindmask = undef, + $streamlocalbindunlink = undef, $strictmodes = undef, $syslogfacility = 'AUTH', $tcpkeepalive = undef, $trustedusercakeys = undef, + $useblacklist = undef, $usedns = undef, $uselogin = undef, $usepam = undef, @@ -91,14 +111,19 @@ 'AcceptEnv', 'AddressFamily', 'AllowAgentForwarding', + 'AllowGroups', + 'AllowStreamLocalForwarding', 'AllowTcpForwarding', 'AllowUsers', 'AuthenticationMethods', 'AuthorizedKeysCommand', 'AuthorizedKeysCommandUser', 'AuthorizedKeysFile', + 'AuthorizedPrincipalsCommand', + 'AuthorizedPrincipalsCommandUser', 'AuthorizedPrincipalsFile', 'Banner', + 'CASignatureAlgorithms', 'ChallengeResponseAuthentication', 'ChrootDirectory', 'Ciphers', @@ -107,22 +132,29 @@ 'Compression', 'DenyGroups', 'DenyUsers', - 'ForceCommand', + 'DisableForwarding', 'ExposeAuthInfo', + 'FingerprintHash', + 'ForceCommand', 'GatewayPorts', 'GSSAPIAuthentication', - 'GSSAPIKeyExchange', 'GSSAPICleanupCredentials', - 'GSSAPIStrictAcceptorCheck', + 'GSSAPIKeyExchange', 'GSSAPIStoreCredentialsOnRekey', + 'GSSAPIStrictAcceptorCheck', + 'HostbasedAcceptedKeyTypes', 'HostbasedAuthentication', 'HostbasedUsesNameFromPacketOnly', 'HostCertificate', + 'HostKey', + 'HostKeyAgent', 'HostKeyAlgorithms', 'IgnoreRhosts', 'IgnoreUserKnownHosts', 'IPQoS', + 'KbdInteractiveAuthentication', 'KerberosAuthentication', + 'KerberosGetAFSToken', 'KerberosOrLocalPasswd', 'KerberosTicketCleanup', 'KexAlgorithms', @@ -136,10 +168,13 @@ 'MaxStartups', 'PasswordAuthentication', 'PermitEmptyPasswords', + 'PermitListen', 'PermitOpen', 'PermitRootLogin', + 'PermitTTY', 'PermitTunnel', 'PermitUserEnvironment', + 'PermitUserRC', 'PidFile', 'Port', 'PrintLastLog', @@ -148,15 +183,20 @@ 'PubkeyAcceptedKeyTypes', 'PubkeyAuthentication', 'RDomain', + 'RekeyLimit', 'RevokedKeys', 'RhostsRSAAuthentication', 'RSAAuthentication', 'SACLSupport', 'ServerKeyBits', + 'SetEnv', + 'StreamLocalBindMask', + 'StreamLocalBindUnlink', 'StrictModes', 'SyslogFacility', 'TCPKeepAlive', 'TrustedUserCAKeys', + 'UseBlacklist', 'UseDNS', 'UseLogin', 'UsePAM', diff --git a/spec/classes/ssh_server_config_spec.rb b/spec/classes/ssh_server_config_spec.rb index 483b987..fdb0f98 100644 --- a/spec/classes/ssh_server_config_spec.rb +++ b/spec/classes/ssh_server_config_spec.rb @@ -11,14 +11,19 @@ AcceptEnv AddressFamily AllowAgentForwarding + AllowGroups + AllowStreamLocalForwarding AllowTcpForwarding AllowUsers AuthenticationMethods AuthorizedKeysCommand AuthorizedKeysCommandUser AuthorizedKeysFile + AuthorizedPrincipalsCommand + AuthorizedPrincipalsCommandUser AuthorizedPrincipalsFile Banner + CASignatureAlgorithms ChallengeResponseAuthentication ChrootDirectory Ciphers @@ -27,22 +32,29 @@ Compression DenyGroups DenyUsers + DisableForwarding ExposeAuthInfo + FingerprintHash ForceCommand GatewayPorts GSSAPIAuthentication - GSSAPIKeyExchange GSSAPICleanupCredentials - GSSAPIStrictAcceptorCheck + GSSAPIKeyExchange GSSAPIStoreCredentialsOnRekey + GSSAPIStrictAcceptorCheck + HostbasedAcceptedKeyTypes HostbasedAuthentication HostbasedUsesNameFromPacketOnly HostCertificate + HostKey + HostKeyAgent HostKeyAlgorithms IgnoreRhosts IgnoreUserKnownHosts IPQoS + KbdInteractiveAuthentication KerberosAuthentication + KerberosGetAFSToken KerberosOrLocalPasswd KerberosTicketCleanup KexAlgorithms @@ -56,10 +68,13 @@ MaxStartups PasswordAuthentication PermitEmptyPasswords + PermitListen PermitOpen PermitRootLogin + PermitTTY PermitTunnel PermitUserEnvironment + PermitUserRC PidFile Port PrintLastLog @@ -67,15 +82,20 @@ Protocol PubkeyAcceptedKeyTypes PubkeyAuthentication + RekeyLimit RevokedKeys RhostsRSAAuthentication RSAAuthentication SACLSupport ServerKeyBits + SetEnv + StreamLocalBindMask + StreamLocalBindUnlink StrictModes SyslogFacility TCPKeepAlive TrustedUserCAKeys + UseBlacklist UseDNS UseLogin UsePAM