ghoneycutt / puppet-module-ssh

Puppet module to manage SSH

Add Ubuntu 20.04 support #343

Closed mergwyn closed 4 years ago

ghoneycutt commented 4 years ago

Thanks for the contribution! Are these fixtures from a default, stock install of the platform?

ghoneycutt commented 4 years ago

I just merged Debian 10 access which has a small merge conflict. Could you please rebase and I'll get this going.

mergwyn commented 4 years ago

I just copied the 18.04 settings across. I tried it on the two 20.04 machines I have so far (1 physical, 1 lxc, both fresh install) with no apparent issues. I’ll get on to rebasing.

ghoneycutt commented 4 years ago

Were the fixture files copied from 18 or are they from an actual 20.04 system?

mergwyn commented 4 years ago

Copied from 18

mergwyn commented 4 years ago

How do I generate fixtures from a 20.04 system?

ghoneycutt commented 4 years ago

You copy the actual ssh_config and sshd_config files.

mergwyn commented 4 years ago

I've copied across clean versions of the config files. Do I then need to fix the defaults in init.pp to match the fixtures?

ghoneycutt commented 4 years ago

Yep :)

mergwyn commented 4 years ago

The issue I am having is that Canonical has tidied up the two config files and left many options disabled by default. As an example, the non comment lines in 20.04 sshd_config are:

```
Include /etc/ssh/sshd_config.d/*.conf
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server
```

So not much is enabled out of the box. The equivalent for 18.04 is:

```
Port 22
Protocol 2
AddressFamily any
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
PubkeyAuthentication yes
HostbasedAuthentication no
IgnoreUserKnownHosts no
IgnoreRhosts yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
AllowTcpForwarding yes
X11Forwarding yes
X11UseLocalhost yes
PrintMotd yes
TCPKeepAlive yes
ClientAliveInterval 0
ClientAliveCountMax 3
UseDNS yes
PermitTunnel no
Banner none
Subsystem sftp /usr/lib/openssh/sftp-server
```

In order to achieve this, significant extensions would be required to the module (e.g. allowing many more options to be unset completely, potentially disrupting support for other OS). My instinct is not to do this! I'd really welcome some guidance on how to proceed. Thanks
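An added example, not part of the thread or the module: one way to list which directives the two fixtures set explicitly, so that each key dropped in 20.04 (which then falls back to sshd's built-in default or to a file pulled in by `Include`) can be reviewed individually. The names `BIONIC`, `FOCAL`, `explicit_directives` and `compare` are hypothetical, and the inputs are a constructed subset of the two listings above.

```python
# Added example (not from the PR): diff the directives that two sshd_config
# files set explicitly. Inputs are constructed from the listings quoted above.
# Keywords that may repeat (partial list); for the rest sshd keeps the first value.
MULTI = {"hostkey", "acceptenv", "port", "listenaddress", "subsystem", "include"}

BIONIC = """\
Port 22
PermitRootLogin yes
ChallengeResponseAuthentication yes
PrintMotd yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""

FOCAL = """\
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
ChallengeResponseAuthentication no
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server
"""

def explicit_directives(text):
    """Return {keyword: [values]} for the global (pre-Match) section."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out defaults are not explicit settings
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are not defaults
        if key in MULTI:
            found.setdefault(key, []).append(value)
        elif key not in found:
            found[key] = [value]  # first obtained value wins
    return found

def compare(old, new):
    a, b = explicit_directives(old), explicit_directives(new)
    shared = sorted(set(a) & set(b))
    return {"only_old": sorted(set(a) - set(b)),
            "only_new": sorted(set(b) - set(a)),
            "changed": {k: (a[k], b[k]) for k in shared if a[k] != b[k]}}

if __name__ == "__main__":
    print(compare(BIONIC, FOCAL))
```

On a live host, `sshd -T` prints the effective configuration, which is what a "no functional difference" claim between a stock file and the module's output should be checked against.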

dsundq commented 4 years ago

Hi, we are interested in getting the ssh module working with Ubuntu 20.04, any updates? Thanks :)

mergwyn commented 4 years ago

I’ll try and get this finalised and submitted for @ghoneycutt to review this week.

mergwyn commented 4 years ago

I've taken aligning the fixtures version of the config files as far as I can without significant rework and refactoring across the module. As I said in an earlier comment, Ubuntu 20.04 has cleaned up the ssh and ssh config files and not included settings where they are the same as defaults (shown as comments). As far as I can tell there are no functional differences between the 20.04 defaults and the settings produced by this module.

Here are some of the differences that I have not addressed.

ssh_config:

20.04 has 'Host *' before all settings - the template is not set up in this way

sshd_config:

No easy way to unset port 22

There is currently no way to set these variables:

There is currently no way to set OS specific default values for:

Some have comments inside conditionals, so you can't undef them without removing the comments and requiring other fixture config files to be updated:

mergwyn commented 4 years ago

Hi, the checks are finally passing after lots of problems trying to squash the commits into 1. Are you able to do a merge and squash via the web interface when you are happy, or do you need me to do something to tidy up the history? If the latter, what, as I seem to be getting myself into a mess trying this!

mergwyn commented 4 years ago

BTW, my master branch now has this branch squashed into a single commit but I don't know if it is possible to change the branch that this PR points to.

anders-larsson commented 4 years ago

@ghoneycutt Can you have another look? What's missing if anything? Thanks!

raoulbhatia commented 4 years ago

I'd also like to see Ubuntu 20.04 support but am not sure which changes should now be reviewed / merged.

mergwyn:PR343_merge or mergwyn:master?

Raoul

mergwyn commented 4 years ago

PR343_merge please

ghoneycutt commented 4 years ago

Thanks @mergwyn !!

ghoneycutt commented 4 years ago

Released as v3.62.0