Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-23 13:13:22 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/resources/ssh_config.md.erb
David Wrede 9283f19b6e Changing headings to align with SEO best practices 
Signed-off-by: David Wrede <dwrede@chef.io>
2016-09-27 12:03:23 -07:00

94 lines
2 KiB
Text
Raw Blame History

---
title: About the ssh_config Resource
---
# ssh_config
Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.
## Syntax
An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:
describe ssh_config('path') do
its('name') { should include('foo') }
end
where
* `name` is a configuration setting in `ssh_config`
* `('path')` is the non-default `/path/to/ssh_config`
* `{ should include('foo') }` tests the value of `name` as read from `ssh_config` versus the value declared in the test
## Matchers
This InSpec audit resource has the following matchers:
### be
<%= partial "/shared/matcher_be" %>
### cmp
<%= partial "/shared/matcher_cmp" %>
### eq
<%= partial "/shared/matcher_eq" %>
### include
<%= partial "/shared/matcher_include" %>
### match
<%= partial "/shared/matcher_match" %>
### name
The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:
its('name') { should eq 'foo' }
or:
its('name') { should include('bar') }
## Examples
The following examples show how to use this InSpec audit resource.
### Test SSH configuration settings
describe ssh_config do
its('cipher') { should contain '3des' }
its('port') { should eq '22' }
its('hostname') { should include('example.com') }
end
### Test which variables from the local environment are sent to the server
only_if do
command('sshd').exist? or command('ssh').exists?
end
describe ssh_config do
its('SendEnv') { should include('GORDON_CLIENT') }
end
### Test owner and group permissions
describe ssh_config do
its('owner') { should eq 'root' }
its('mode') { should cmp '0644' }
end
### Test SSH configuration
describe ssh_config do
its('Host') { should eq '*' }
its('Tunnel') { should eq nil }
its('SendEnv') { should eq 'LANG LC_*' }
its('HashKnownHosts') { should eq 'yes' }
end
Reference in a new issue View git blame Copy permalink