ghoneycutt / puppet-module-ssh

Puppet module to manage SSH

Add support for HostKeyAlgorithms or config options not in template #330

Closed 54-68-65-20-53-74-61-67 closed 1 year ago

54-68-65-20-53-74-61-67 commented 4 years ago

Hey,

I've been puzzling over this all day. The only option missing is a way to restrict HostKeyAlgorithms similar to ciphers/kex/macs.

I need to be able to add this line:

HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa

I'm not very proficient with git, but I could look into the code tomorrow and see if I can provide something.

Any help would be greatly appreciated!

Cheers.

54-68-65-20-53-74-61-67 commented 4 years ago

Here is what I came up with:

init.pp

  $ssh_config_hostkeyalgorithms          = undef,
  $sshd_config_hostkeyalgorithms         = undef,

  [...]

  if $ssh_config_hostkeyalgorithms != undef {
    validate_array($ssh_config_hostkeyalgorithms)
  }

  if $sshd_config_hostkeyalgorithms != undef {
    validate_array($sshd_config_hostkeyalgorithms)
  }

ssh_config.erb

<% if @ssh_config_hostkeyalgorithms -%>
  HostKeyAlgorithms <%= @ssh_config_hostkeyalgorithms.join(',') %>
<% end -%>

sshd_config.erb

<% if @sshd_config_hostkeyalgorithms -%>
HostKeyAlgorithms <%= @sshd_config_hostkeyalgorithms.join(',') %>
<% end -%>

README.md

ssh_config_hostkeyalgorithms
---------------
Array of hostkey algorithms to be used with the HostKeyAlgorithms option in ssh_config.

- *Default*: undef

[...]

sshd_config_hostkeyalgorithms
---------------
Array of hostkey algorithms to be used with the HostKeyAlgorithms option in sshd_config.

- *Default*: undef

I've tested this in my test lab Puppet 5.5 master and it passes.

Cheers!
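Added example, not part of the comment above or of the module's code: a Ruby sketch that renders the posted sshd_config.erb fragment and checks the array's elements first, since `validate_array` only confirms the value is an array. The helper names and the name pattern are assumptions made for illustration; `nil` stands in for Puppet's `undef`.

```ruby
require 'erb'

# sshd_config.erb fragment as posted in the comment above.
SSHD_FRAGMENT = <<~'TEMPLATE'
  <% if @sshd_config_hostkeyalgorithms -%>
  HostKeyAlgorithms <%= @sshd_config_hostkeyalgorithms.join(',') %>
  <% end -%>
TEMPLATE

# Assumed, conservative shape for one algorithm name: no whitespace, commas or
# newlines. \A and \z anchor the whole string, so an embedded newline fails.
ALGORITHM_NAME = /\A[A-Za-z0-9@._-]+\z/

# Hypothetical helper: returns nil (Puppet's undef) or a checked Array.
def check_hostkeyalgorithms(value)
  return nil if value.nil?
  raise ArgumentError, 'expected an Array' unless value.is_a?(Array)
  # [] is truthy in Ruby, so the template would emit a bare "HostKeyAlgorithms ".
  raise ArgumentError, 'array must not be empty' if value.empty?

  bad = value.reject { |v| v.is_a?(String) && v.match?(ALGORITHM_NAME) }
  raise ArgumentError, "invalid element(s): #{bad.inspect}" unless bad.empty?

  value
end

# Renders the fragment with the instance variable the template expects.
def render_sshd_fragment(value)
  scope = Object.new
  scope.instance_variable_set(:@sshd_config_hostkeyalgorithms,
                              check_hostkeyalgorithms(value))
  ERB.new(SSHD_FRAGMENT, trim_mode: '-').result(scope.instance_eval { binding })
end

if __FILE__ == $PROGRAM_NAME
  # The list requested in the issue.
  wanted = %w[ssh-ed25519-cert-v01@openssh.com ssh-rsa-cert-v01@openssh.com
              ssh-ed25519 ssh-rsa]
  print render_sshd_fragment(wanted)
  # Constructed bad input: one space-separated string instead of four elements.
  begin
    render_sshd_fragment(['ssh-ed25519 ssh-rsa'])
  rescue ArgumentError => e
    warn "rejected: #{e.message}"
  end
end
```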

16c7x commented 3 years ago

@pynixadm Have you put a pull request in for this change?

Phil-Friderici commented 1 year ago

Functionality to set HostKeyAlgorithms via $ssh::server::host_key_algorithms was added with v4. Please re-open if this doesn't fit your use case.