Sha256: 7a881ebfb675c03aef09dc6de97564d4c7860b900d4ac7f377e28ebb11f2f283
Contents?: true
Size: 1.93 KB
Versions: 13
Compression:
Stored size: 1.93 KB
Contents
---
title: About the ssh_config Resource
---
# ssh_config
Use the `ssh_config` InSpec audit resource to test OpenSSH client configuration data located at `/etc/ssh/ssh_config` on Linux and Unix platforms.
<br>
## Syntax
An `ssh_config` resource block declares the client OpenSSH configuration data to be tested:
describe ssh_config('path') do
its('name') { should include('foo') }
end
where
* `name` is a configuration setting in `ssh_config`
* `('path')` is the non-default `/path/to/ssh_config`
* `{ should include('foo') }` tests the value of `name` as read from `ssh_config` versus the value declared in the test
<br>
## Examples
The following examples show how to use this InSpec audit resource.
### Test SSH configuration settings
describe ssh_config do
its('cipher') { should contain '3des' }
its('port') { should eq '22' }
its('hostname') { should include('example.com') }
end
### Test which variables from the local environment are sent to the server
only_if do
command('sshd').exist? or command('ssh').exists?
end
describe ssh_config do
its('SendEnv') { should include('GORDON_CLIENT') }
end
### Test owner and group permissions
describe ssh_config do
its('owner') { should eq 'root' }
its('mode') { should cmp '0644' }
end
### Test SSH configuration
describe ssh_config do
its('Host') { should eq '*' }
its('Tunnel') { should eq nil }
its('SendEnv') { should eq 'LANG LC_*' }
its('HashKnownHosts') { should eq 'yes' }
end
<br>
## Matchers
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### name
The `name` matcher tests the value of `name` as read from `ssh_config` versus the value declared in the test:
its('name') { should eq 'foo' }
or:
its('name') { should include('bar') }
Version data entries
13 entries across 13 versions & 1 rubygems