Use OpenSSH default for UseDNS. Fixes #81

aried3r · aried3r · commit 0f2fbe376d8d · 2015-04-27T15:10:37.000+02:00
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -65,6 +65,7 @@
 default['ssh']['allow_groups']            = []      # sshd
 default['ssh']['print_motd']              = false   # sshd
 default['ssh']['print_last_log']          = false   # sshd
-default['ssh']['use_dns']                 = true    # sshd
+# set this to nil to let us use the default OpenSSH in case it's not set by the user
+default['ssh']['use_dns']                 = nil     # sshd
 # set this to nil to let us detect the attribute based on the node platform
 default['ssh']['use_privilege_separation'] = nil
diff --git a/spec/recipes/server_spec.rb b/spec/recipes/server_spec.rb
@@ -473,13 +473,13 @@
   end
 
   context 'without attribute use_dns' do
-    it 'sets UseDNS to the default' do
+    it 'leaves UseDNS commented' do
       expect(chef_run).to render_file('/etc/ssh/sshd_config')
-        .with_content(/UseDNS yes/)
+        .with_content(/#UseDNS no/)
     end
   end
 
-  context 'with attribute use_dns' do
+  context 'with attribute use_dns set to false' do
     cached(:chef_run) do
       ChefSpec::ServerRunner.new do |node|
         node.set['ssh']['use_dns'] = false
@@ -491,4 +491,17 @@
         .with_content(/UseDNS no/)
     end
   end
+
+  context 'with attribute use_dns set to true' do
+    cached(:chef_run) do
+      ChefSpec::ServerRunner.new do |node|
+        node.set['ssh']['use_dns'] = true
+      end.converge(described_recipe)
+    end
+
+    it 'sets UseDNS correctly' do
+      expect(chef_run).to render_file('/etc/ssh/sshd_config')
+        .with_content(/UseDNS yes/)
+    end
+  end
 end
diff --git a/templates/default/opensshd.conf.erb b/templates/default/opensshd.conf.erb
@@ -185,7 +185,12 @@ X11UseLocalhost yes
 PrintMotd <%= ((@node['ssh']['print_motd']) ? 'yes' : 'no' ) %>
 PrintLastLog <%= ((@node['ssh']['print_last_log']) ? 'yes' : 'no' ) %>
 #Banner /etc/ssh/banner.txt
+<% if @node['ssh']['use_dns'].nil? %>
+# Since OpenSSH 6.8, this value defaults to 'no'
+#UseDNS no
+<% else %>
 UseDNS <%= ((@node['ssh']['use_dns']) ? 'yes' : 'no' ) %>
+<% end %>
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
 #ChrootDirectory none
