OpenBSD support

[phihos]

Hi,

I would like to implement OpenBSD support. I have seen that a FreeBSD PR (#180) has been rejected in the past. I really want to do this right and wanted to ask what a PR should contain to be accepted. Aside from the change itself there must be unit tests for that OS right? Anything else I should consider?

Edit: I could also provide beaker/litmus tests if that helps. Edit2: There seems to be a lot of overlap with #185. Should I build on-top of that?

[ghoneycutt]

Hi @phihos

Thank you for your interest in adding OpenBSD support. It needs to have tests that use the default ssh_config and sshd_config from a default, vanilla install. It should be added in the spec tests to the os matrix (https://github.com/ghoneycutt/puppet-module-ssh/blob/master/spec/classes/init_spec.rb#L35), the metadata (https://github.com/ghoneycutt/puppet-module-ssh/blob/master/metadata.json) and the README (https://github.com/ghoneycutt/puppet-module-ssh/blob/master/README.md#compatibility).

[phihos]

Ok, that should be easy since the default config contains only commented lines.

[phihos]

The unit tests for Suse seem to be broken:

• default_sshd_config_serverkeybits is missing for i386 variants
• Suse-12 gets the line Subsystem sftp /usr/lib64/ssh/sftp-server but expects Subsystem sftp /usr/lib/ssh/sftp-server
• Suse-15 expects ServerKeyBits 1024 but has default_sshd_config_serverkeybits explicitly set to undef

Especially on the last two points I have a hard time to determine whether the test or the manifest is broken. I will continue the implementation pretending that these tests pass for now.

[phihos]

Regarding the OpenBSD unit tests:

This is the default config: https://github.com/openbsd/src/blob/bdfa5c1b5082a4d5041f6737b122c85e3a4112da/usr.bin/ssh/sshd_config

It contains or omits lines that are hard coded in the template like tis line that is different

#   $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $

or these hard coded lines that are omitted

#Protocol 2,1
Protocol 2

How should I proceed? I could either alter the templates or the test config.

[ghoneycutt]

Your fixture will need to have the comment header block from the template at the top.

[phihos]

Yes I did that already. What about the lines I mentioned in the comment above?

[ghoneycutt]

You'll need to strip out the other contents as the template will not make them.

[phihos]

Thanks and what about content that is not present in the fixture but is generated by the template like the Protocol 2 line for example?

[ghoneycutt]

Closing due to age. The module has undergone a major release and now supports every documented configuration parameter for OpenSSH. The module also allows for custom entries to future proof functionality and support other SSH implementations. See UPGRADING.md.

We would welcome support for BSD and now that the module is cleaned up, this would be easier to get through.