Sha256: 1f9f491854f087814903af4d1b2253996f645467ed8722a98c5080b08e2bb4fc

Contents?: true

Size: 1.93 KB

Versions: 20

Compression:

Stored size: 1.93 KB

Contents

---
title: About the ssh_config Resource
platform: linux
---

# ssh_config

Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.

<br>

## Availability

### Installation

This resource is distributed along with InSpec itself. You can use it automatically.

### Version

This resource first became available in v1.0.0 of InSpec.

## Syntax

An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:

    describe ssh_config('path') do
      its('name') { should include('foo') }
    end

where

* `name` is a configuration setting in `ssh_config`
* `('path')` is the non-default `/path/to/ssh_config`
* `{ should include('foo') }` tests the value of `name` as read from `ssh_config` versus the value declared in the test

<br>

## Examples

The following examples show how to use this InSpec audit resource.

### Test SSH configuration settings

    describe ssh_config do
      its('cipher') { should contain '3des' }
      its('port') { should eq '22' }
      its('hostname') { should include('example.com') }
    end

### Test which variables from the local environment are sent to the server

    only_if do
      command('sshd').exist? or command('ssh').exists?
    end

    describe ssh_config do
      its('SendEnv') { should include('GORDON_CLIENT') }
    end

### Test SSH configuration

    describe ssh_config do
      its('Host') { should eq '*' }
      its('Tunnel') { should eq nil }
      its('SendEnv') { should eq 'LANG LC_*' }
      its('HashKnownHosts') { should eq 'yes' }
    end

<br>

## Matchers

For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

### name

The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:

    its('name') { should eq 'foo' }

or:

    its('name') { should include('bar') }

Version data entries

20 entries across 20 versions & 2 rubygems

Version Path
inspec-core-2.3.10 docs/resources/ssh_config.md.erb
inspec-2.3.10 docs/resources/ssh_config.md.erb
inspec-core-2.3.5 docs/resources/ssh_config.md.erb
inspec-2.3.5 docs/resources/ssh_config.md.erb
inspec-core-2.3.4 docs/resources/ssh_config.md.erb
inspec-2.3.4 docs/resources/ssh_config.md.erb
inspec-core-2.2.112 docs/resources/ssh_config.md.erb
inspec-2.2.112 docs/resources/ssh_config.md.erb
inspec-core-2.2.102 docs/resources/ssh_config.md.erb
inspec-2.2.102 docs/resources/ssh_config.md.erb
inspec-core-2.2.101 docs/resources/ssh_config.md.erb
inspec-2.2.101 docs/resources/ssh_config.md.erb
inspec-core-2.2.78 docs/resources/ssh_config.md.erb
inspec-2.2.78 docs/resources/ssh_config.md.erb
inspec-core-2.2.70 docs/resources/ssh_config.md.erb
inspec-2.2.70 docs/resources/ssh_config.md.erb
inspec-core-2.2.64 docs/resources/ssh_config.md.erb
inspec-2.2.64 docs/resources/ssh_config.md.erb
inspec-core-2.2.61 docs/resources/ssh_config.md.erb
inspec-2.2.61 docs/resources/ssh_config.md.erb