[chef] Re: openssh Cookbook - why default attribute default['openssh']['client']['host'] = '*' - override?


  • From: Alexander Skwar
  • Subject: [chef] Re: openssh Cookbook - why default attribute default['openssh']['client']['host'] = '*' - override?
  • Date: Tue, 22 Sep 2015 17:00:26 +0200

Hi again


Hm. I guess I'm doing something wrong… Now my ssh_config looks like this:

$ cat /etc/ssh/ssh_config 
# This file was generated by Chef for host
# Do NOT modify this file by hand!

Host *
Host foo
PubkeyAuthentication no
HostKeyAlgorithms ssh-dss
Host bar
HostKeyAlgorithms ssh-dss
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
VerifyHostKeyDNS no
#VerifyHostKeyDNS:No-SonstIstEsZuLangsam no
HostKeyAlgorithms ssh-rsa,ssh-dss
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h


That's clearly not what I want.

In my own cookbook, I've got this attributes/default.rb file:

default['openssh']['client']['foo'] = {
    'pubkey_authentication' => 'no',
    'host_key_algorithms' => 'ssh-dss'
}

default['openssh']['client']['bar'] = {
    'host_key_algorithms' => 'ssh-dss'
}

default['openssh']['client']['global_known_hosts_file'] = '/var/lib/sss/pubconf/known_hosts'
default['openssh']['client']['pubkey_authentication'] = 'yes'

default['openssh']['client']['verify_host_key_d_n_s'] = 'no'
default['openssh']['client']['#_verify_host_key_d_n_s_:_no_-_sonst_ist_es_zu_langsam'] = 'no'
default['openssh']['client']['host_key_algorithms'] = 'ssh-rsa,ssh-dss'
default['openssh']['client']['proxy_command'] = '/usr/bin/sss_ssh_knownhostsproxy -p %p %h'

#default['openssh']['client']['*'] = {}

# EOF


I would not have expected that my "default" settings (e.g. proxy_command, to take just one example) are below "Host bar". As they are not in any Host hash, I would've expected that the settings would've been above all the "Host …" blocks or maybe in the "Host *" block.


How to do it correctly? 

When I move my "default lines" ABOVE all the "Host" lines (default['openssh']['client']['foo'] and default['openssh']['client']['bar']), then the generated ssh_config is good. Don't know, but that does not feel right.

Regards,
Alexander





2015-09-22 16:37 GMT+02:00 Alexander Skwar:
Hello

In the openssh Cookbook from Supermarket @ supermarket.chef.io/cookbooks/openssh, the attributes file for the "client section" contains this:

default['openssh']['client']['host'] = '*'


Short question: How do I get rid of this without having to modify the openssh/attributes/default.rb file, i.e. from my own cookbook, which has an include_recipe "openssh" somewhere?


Because of that, the generated /etc/ssh/ssh_config file contains at least this:

$ cat /etc/ssh/ssh_config 
# This file was generated by Chef for host
# Do NOT modify this file by hand!

Host *

I.e., there's at least a "Host *" entry. And the way I have it now, all my attributes are below that; i.e. my ssh_config file reads:

$ cat /etc/ssh/ssh_config 
# This file was generated by Chef for host
# Do NOT modify this file by hand!

Host *
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
PubkeyAuthentication yes
VerifyHostKeyDNS no
#VerifyHostKeyDNS:No-SonstIstEsZuLangsam no
HostKeyAlgorithms ssh-rsa,ssh-dss
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

That's not quite what I want. I don't want that "Host *" line there.


Thanks a lot,

Alexander
-- 
=>        Google+ => http://plus.skwar.me         <==



--
Alexander
=>        Google+ => http://plus.skwar.me         <==
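
Added example (not part of the original message and not code from the openssh cookbook): a small Ruby resolver that applies the ssh_config(5) rules (a Host line opens a block that runs until the next Host line, and the first value obtained for a keyword wins) to the generated file quoted in the message, to show which hosts each setting actually reaches. The function names are hypothetical, and Match and Include are not handled.

```ruby
# Added example: resolve the effective ssh_config options for one host.
# Constructed input: the generated file quoted in the message above.
GENERATED = <<~'CONF'
  # This file was generated by Chef for host
  Host *
  Host foo
  PubkeyAuthentication no
  HostKeyAlgorithms ssh-dss
  Host bar
  HostKeyAlgorithms ssh-dss
  GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
  PubkeyAuthentication yes
  VerifyHostKeyDNS no
  #VerifyHostKeyDNS:No-SonstIstEsZuLangsam no
  HostKeyAlgorithms ssh-rsa,ssh-dss
  ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
CONF

# ssh_config(5) pattern: '*' and '?' wildcards, '!' prefix negates.
def pattern_match?(patterns, host)
  hits = patterns.map do |p|
    neg = p.start_with?('!')
    glob = Regexp.escape(p.delete_prefix('!')).gsub('\*', '.*').gsub('\?', '.')
    [neg, host.match?(/\A#{glob}\z/i)]
  end
  return false if hits.any? { |neg, hit| neg && hit }
  hits.any? { |neg, hit| !neg && hit }
end

# Walk the file top to bottom; a Host line opens a block that lasts until
# the next Host line, and the first value seen for a keyword is kept.
def effective_options(conf, host)
  active = true # directives before any Host line apply to every host
  conf.each_line.with_object({}) do |line, opts|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s*=\s*|\s+/, 2)
    if key.casecmp?('host')
      active = pattern_match?(value.to_s.split, host)
    elsif active
      opts[key.downcase] ||= value
    end
  end
end

%w[foo bar example.org].each { |h| puts "#{h}: #{effective_options(GENERATED, h)}" }
```

For this file, only "bar" receives ProxyCommand and GlobalKnownHostsFile, while "foo" and every other host get neither; "bar" also keeps HostKeyAlgorithms ssh-dss, because the later ssh-rsa,ssh-dss line is not the first value seen.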



