From 1b4f5d0ec610743f32ac1de0c918cf39fd104575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Mon, 6 Nov 2017 10:47:36 +0100 Subject: [PATCH] Ensure sshd has proper configuration for its HostKey. Since DSA is deprecated, sshd doesn't generate it anymore, though it still wants to load it at startup. Adding the HostKey options should prevent that, and allow to get cleaner logs in the CI (and on deployed openstack as well ;). Change-Id: I5580fa86f8adef7d598b76836a0419b341a8bc9c Closes-Bug: 1730351 --- manifests/profile/base/sshd.pp | 10 +++ .../classes/tripleo_profile_base_sshd_spec.rb | 74 ++++++++++++++++--- 2 files changed, 72 insertions(+), 12 deletions(-) diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index 22520e917..3ab2a3d73 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -79,8 +79,18 @@ class tripleo::profile::base::sshd ( $sshd_options_port = {'Port' => unique(any2array($port))} } + # Prevent error messages on sshd startup + $basic_options = { + 'HostKey' => [ + '/etc/ssh/ssh_host_rsa_key', + '/etc/ssh/ssh_host_ecdsa_key', + '/etc/ssh/ssh_host_ed25519_key', + ] + } + $sshd_options = merge( $options, + $basic_options, $sshd_options_banner, $sshd_options_motd, $sshd_options_port diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb index 6333e6bff..768317eb1 100644 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ b/spec/classes/tripleo_profile_base_sshd_spec.rb @@ -26,8 +26,13 @@ describe 'tripleo::profile::base::sshd' do it do is_expected.to contain_class('ssh::server').with({ 'storeconfigs_enabled' => false, - 'options' => { - 'Port' => [22] + 'options' => { + 'Port' => [22], + 'HostKey' => [ + '/etc/ssh/ssh_host_rsa_key', + '/etc/ssh/ssh_host_ecdsa_key', + '/etc/ssh/ssh_host_ed25519_key', + ], } }) is_expected.to_not contain_file('/etc/issue') 
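Review bot: In the `merge(` call of the `sshd.pp` hunk, `$basic_options` is placed after `$options`, and stdlib's `merge` lets the rightmost hash win on duplicate keys, so a `HostKey` list passed in through `$options` is silently replaced by the three hard-coded paths. An operator who restricts the host keys (for example to Ed25519 only) or stores them at another path would not get that configuration applied. If these paths are meant as defaults rather than enforced values, swap the two arguments so the call begins `merge(` `$basic_options,` `$options,`. The comment could also state the reason, e.g. `# List host keys explicitly so sshd does not try to load the deprecated DSA key`. The class body starts and ends outside the hunk.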
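Review bot: The three-element `HostKey` array is written out literally in this expectation and again in the later hunks of this spec (`@@ -42`, `-57`, `-69`, `-81`, `-94`, `-120`, `-141`, `-161`, `-202`), so a future change to the default list means editing ten places. Define it once near the top of the `describe` block, e.g. `let(:host_keys) { %w[/etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key] }`, and write `'HostKey' => host_keys` in each `with`. The `describe` block starts and ends outside the hunk.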
@@ -42,7 +47,12 @@ describe 'tripleo::profile::base::sshd' do
 is_expected.to contain_class('ssh::server').with({
 'storeconfigs_enabled' => false,
 'options' => {
- 'Port' => [22]
+ 'Port' => [22],
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 is_expected.to_not contain_file('/etc/issue')
@@ -57,7 +67,12 @@ describe 'tripleo::profile::base::sshd' do
 is_expected.to contain_class('ssh::server').with({
 'storeconfigs_enabled' => false,
 'options' => {
- 'Port' => [123]
+ 'Port' => [123],
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 end
@@ -69,7 +84,12 @@ describe 'tripleo::profile::base::sshd' do
 is_expected.to contain_class('ssh::server').with({
 'storeconfigs_enabled' => false,
 'options' => {
- 'Port' => [456, 123]
+ 'Port' => [456, 123],
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 end
@@ -81,7 +101,12 @@ describe 'tripleo::profile::base::sshd' do
 is_expected.to contain_class('ssh::server').with({
 'storeconfigs_enabled' => false,
 'options' => {
- 'Port' => [123]
+ 'Port' => [123],
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 end
@@ -94,7 +119,12 @@ describe 'tripleo::profile::base::sshd' do
 'storeconfigs_enabled' => false,
 'options' => {
 'Banner' => '/etc/issue.net',
- 'Port' => [22]
+ 'Port' => [22],
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 is_expected.to contain_file('/etc/issue').with({
@@ -120,7 +150,12 @@ describe 'tripleo::profile::base::sshd' do
 'storeconfigs_enabled' => false,
 'options' => {
 'Port' => [22],
- 'PrintMotd' => 'yes'
+ 'PrintMotd' => 'yes',
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 is_expected.to contain_file('/etc/motd').with({
@@ -141,7 +176,12 @@ describe 'tripleo::profile::base::sshd' do
 'storeconfigs_enabled' => false,
 'options' => {
 'Port' => [22],
- 'X11Forwarding' => 'no'
+ 'X11Forwarding' => 'no',
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 is_expected.to_not contain_file('/etc/motd')
@@ -161,7 +201,12 @@ describe 'tripleo::profile::base::sshd' do
 'options' => {
 'Banner' => '/etc/issue.net',
 'Port' => [22],
- 'PrintMotd' => 'yes'
+ 'PrintMotd' => 'yes',
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 is_expected.to contain_file('/etc/motd').with({
@@ -192,7 +237,7 @@ describe 'tripleo::profile::base::sshd' do
 :options => {
 'Port' => [22],
 'PrintMotd' => 'no', # this should be overridden
- 'X11Forwarding' => 'no'
+ 'X11Forwarding' => 'no',
 }
 }}
 it do
@@ -202,7 +247,12 @@ describe 'tripleo::profile::base::sshd' do
 'Banner' => '/etc/issue.net',
 'Port' => [22],
 'PrintMotd' => 'yes',
- 'X11Forwarding' => 'no'
+ 'X11Forwarding' => 'no',
+ 'HostKey' => [
+ '/etc/ssh/ssh_host_rsa_key',
+ '/etc/ssh/ssh_host_ecdsa_key',
+ '/etc/ssh/ssh_host_ed25519_key',
+ ],
 }
 })
 is_expected.to contain_file('/etc/motd').with({
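Review bot: No example covers a caller-supplied `HostKey`: the `:options` params in the `@@ -192` hunk still carry only `Port`, `PrintMotd` and `X11Forwarding`, so the expectation in `@@ -202` cannot show whether the new defaults override the operator's value or yield to it. Which host keys sshd presents is security-relevant configuration, so that precedence should be pinned by a test rather than left implicit. Add `'HostKey' => ['/etc/ssh/ssh_host_ed25519_key'],` to those params and assert the resulting `'HostKey'` value in the expected options. Both the params block and the `it` block start and end outside these hunks.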