Authorized keys custom path

[lubomir-kacalek]

Hi,
this propposed change allow to have configured a custom authorized key file path for an ssh server.
Thanks.
Lubomir Kacalek

[coveralls]

Coverage remained the same at 100.0% when pulling 73e8996 on lubomir-kacalek:master into d4dc236 on dev-sec:master.

[artem-sidorenko]

@lubomir-kacalek hey Lubos :) Thanks for the PR!

• Could you please add the tests for this option? (see Tests for GH-131 and GH-132 #155 as example)

• Could you please add the documentation to the README.md?

[artem-sidorenko]

you do not need != nil here

[artem-sidorenko]

@lubomir-kacalek I would like to release the next minor version after #173 is merged, do you think you will be able to update this PR in the next days, so we can include it in the release?

[artem-sidorenko]

@lubomir-kacalek as discussed, the tests might look like this (in the spec/recipes/server_spec.rb)

describe 'customized AuthorizedKeysFile option' do
  context 'without customized AuthorizedKeysFile' do
      cached(:chef_run) do
        ChefSpec::ServerRunner.new.converge(described_recipe)
      end

      it 'does not have AuthorizedKeysFile configured' do
        expect(chef_run).not_to render_file('/etc/ssh/sshd_config').
          with_content(/^AuthorizedKeysFile/)
      end
  end

  context 'with customized AuthorizedKeysFile' do
      cached(:chef_run) do
        ChefSpec::ServerRunner.new do |node|
          node.normal['ssh-hardening']['ssh']['server']['authorized_keys_path'] = '/some/authorizedkeysfile'
        end.converge(described_recipe)
      end

      it 'has AuthorizedKeysFile configured' do
        expect(chef_run).to render_file('/etc/ssh/sshd_config').
          with_content(/^AuthorizedKeysFile /some/authorizedkeysfile/)
      end
  end
end

[artem-sidorenko]

@lubomir-kacalek its also possible to have it a bit simplier:

with_content('AuthorizedKeysFile /some/authorizedkeysfile')

instead of

with_content(/^AuthorizedKeysFile /some/authorizedkeysfile/)

and

with_content('AuthorizedKeysFile')

instead of

with_content(/^AuthorizedKeysFile/)

[atomic111]

@lubomir-kacalek can you please sign your pr?

[artem-sidorenko]

@lubomir-kacalek @atomic111 means to use the sign-off, e.g. git commit -s (see the man page for details)

[lubomir-kacalek]

Hi @artem-sidorenko,
required changes has been pushed to my fork. Thank you in advance for support with testing part :-)

@atomic111 : New commit has been signed off as well.

Best regards,

   Lubos

[artem-sidorenko]

@lubomir-kacalek I looks better, I resolved the conflicts to master

Can you please make the rubocop happy? There are some offenses

[artem-sidorenko]

@atomic111 any remarks to this PR?

I would like to merge it when rubocop is made happy and release the 2.1 of ssh-hardening

[coveralls]

Coverage remained the same at 100.0% when pulling 71b4f50 on lubomir-kacalek:master into eaf6c11 on dev-sec:master.

[artem-sidorenko]

@lubomir-kacalek thank you!

2.1 will be released today/tomorrow