From dc61e9c40cf230a8b090d01c05f2e6336fdb3201 Mon Sep 17 00:00:00 2001
From: Francisco <50325976+FcoCalero@users.noreply.github.com>
Date: Tue, 7 Oct 2025 15:59:46 +0200
Subject: [PATCH] Align SLES 15 SSH defaults with vendor templates
---
 data/os/SLES/15.yaml | 70 ++++-------------------
 metadata.json | 9 +++
 spec/classes/server_params_spec.rb | 2 +-
 spec/fixtures/testing/SLES-15_ssh_config | 10 ++++
 spec/fixtures/testing/SLES-15_sshd_config | 15 +++++
 5 files changed, 47 insertions(+), 59 deletions(-)
 create mode 100644 spec/fixtures/testing/SLES-15_ssh_config
 create mode 100644 spec/fixtures/testing/SLES-15_sshd_config
diff --git a/data/os/SLES/15.yaml b/data/os/SLES/15.yaml
index f9076d36..2e15ab25 100644
--- a/data/os/SLES/15.yaml
+++ b/data/os/SLES/15.yaml
@@ -1,72 +1,26 @@ --- # (Suse) SLES 15 defaults in alphabetical order per class ssh::forward_x11_trusted: 'yes' -ssh::gss_api_authentication: 'yes' -ssh::hash_known_hosts: 'no' ssh::host: '*' ssh::packages: - 'openssh' ssh::send_env: - - 'LANG' - - 'LANGUAGE' - - 'LC_ADDRESS' - - 'LC_ALL' - - 'LC_COLLATE' - - 'LC_CTYPE' - - 'LC_IDENTIFICATION' - - 'LC_MEASUREMENT' - - 'LC_MESSAGES' - - 'LC_MONETARY' - - 'LC_NAME' - - 'LC_NUMERIC' - - 'LC_PAPER' - - 'LC_TELEPHONE' - - 'LC_TIME' + - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' + - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' + - 'LC_IDENTIFICATION LC_ALL' ssh::server::accept_env: - - 'LANG' - - 'LC_ADDRESS' - - 'LC_ALL' - - 'LC_COLLATE' - - 'LC_CTYPE' - - 'LC_IDENTIFICATION' - - 'LC_MEASUREMENT' - - 'LC_MESSAGES' - - 'LC_MONETARY' - - 'LC_NAME' - - 'LC_NUMERIC' - - 'LC_PAPER' - - 'LC_TELEPHONE' - - 'LC_TIME' + - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' + - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' + - 'LC_IDENTIFICATION LC_ALL' + +ssh::server::authorized_keys_file: + - '.ssh/authorized_keys' + +ssh::server::client_alive_interval: 180 -ssh::server::address_family: 'any' -ssh::server::allow_tcp_forwarding: 'yes' -ssh::server::banner: 'none' -ssh::server::kbd_interactive_authentication: 'yes' -ssh::server::client_alive_count_max: 3 -ssh::server::client_alive_interval: 0 -ssh::server::gss_api_authentication: 'yes' -ssh::server::gss_api_cleanup_credentials: 'yes' -ssh::server::hostbased_authentication: 'no' -ssh::server::host_key: - - '/etc/ssh/ssh_host_rsa_key' -ssh::server::ignore_rhosts: 'yes' -ssh::server::ignore_user_known_hosts: 'no' -ssh::server::login_grace_time: 120 -#ssh::server::packages: -# - 'openssh' -ssh::server::password_authentication: 'yes' ssh::server::permit_root_login: 'yes' -ssh::server::permit_tunnel: 'no' -ssh::server::port: - - 22 -ssh::server::print_motd: 'yes' -ssh::server::pubkey_authentication: 'yes' 
+ssh::server::print_motd: 'no' ssh::server::subsystem: 'sftp /usr/lib/ssh/sftp-server' -ssh::server::syslog_facility: 'AUTH' -ssh::server::tcp_keep_alive: 'yes' -ssh::server::use_dns: 'yes' ssh::server::use_pam: 'yes' ssh::server::x11_forwarding: 'yes' -ssh::server::x11_use_localhost: 'yes' -ssh::server::xauth_location: '/usr/bin/xauth'
diff --git a/metadata.json b/metadata.json
index 79623ff3..0670d8bf 100644
--- a/metadata.json
+++ b/metadata.json
@@ -69,6 +69,15 @@
 "9"
 ]
 },
+ {
+ "operatingsystem": "SLES",
+ "operatingsystemrelease": [
+ "10",
+ "11",
+ "12",
+ "15"
+ ]
+ },
 {
 "operatingsystem": "Scientific",
 "operatingsystemrelease": [
diff --git a/spec/classes/server_params_spec.rb b/spec/classes/server_params_spec.rb
index 29e6beb8..e7850386 100644
--- a/spec/classes/server_params_spec.rb
+++ b/spec/classes/server_params_spec.rb
@@ -135,7 +135,7 @@ end ['SLED', 'SLES'].each do |name| - ['10', '11', '12'].each do |major| + ['10', '11', '12', '15'].each do |major| context "on #{name} #{major} with i386 architecture path for sftp subsystem is /usr/lib/ssh/sftp-server" do let(:facts) do {
diff --git a/spec/fixtures/testing/SLES-15_ssh_config b/spec/fixtures/testing/SLES-15_ssh_config
new file mode 100644
index 00000000..aa906fd4
--- /dev/null
+++ b/spec/fixtures/testing/SLES-15_ssh_config
@@ -0,0 +1,10 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+#
+# See https://man.openbsd.org/ssh_config for more info
+
+Host *
+ ForwardX11Trusted yes
+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL
diff --git a/spec/fixtures/testing/SLES-15_sshd_config b/spec/fixtures/testing/SLES-15_sshd_config
new file mode 100644
index 00000000..4380796d
--- /dev/null
+++ b/spec/fixtures/testing/SLES-15_sshd_config
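Review bot: In data/os/SLES/15.yaml, `ssh::server::permit_root_login: 'yes'` stays pinned while the explicit `ssh::server::hostbased_authentication: 'no'`, `ssh::server::ignore_rhosts: 'yes'`, `ssh::server::permit_tunnel: 'no'` and `ssh::server::password_authentication` lines are removed, so on SLES 15 those settings now come from the module's common data or sshd's built-in defaults, neither of which is visible in this patch. Root login by password is therefore presumably still allowed unless something outside this file says otherwise, and the rendered fixture spec/fixtures/testing/SLES-15_sshd_config carries the same `PermitRootLogin yes`. If matching the vendor template is intended, document it above the key, e.g. `# vendor default: override with 'prohibit-password' or 'no' in site data`, and confirm the fallback values for the removed keys before merging.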
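Review bot: Adding `'15'` inside the `['SLED', 'SLES'].each` loop in spec/classes/server_params_spec.rb also generates a SLED 15 context, while this patch only touches data/os/SLES/15.yaml and adds a SLES entry to metadata.json. Whether SLED 15 resolves to the same `/usr/lib/ssh/sftp-server` subsystem depends on the facts hash and the data hierarchy, both of which lie outside the hunk. A one-line comment above the inner loop, e.g. `# 15 is listed for SLED as well as SLES`, would make the intent explicit; if SLED 15 is not a supported target, `'15'` should be restricted to the SLES iteration instead.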
@@ -0,0 +1,15 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+#
+# See https://man.openbsd.org/sshd_config for more info
+
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
+AuthorizedKeysFile .ssh/authorized_keys
+ClientAliveInterval 180
+PermitRootLogin yes
+PrintMotd no
+Subsystem sftp /usr/lib/ssh/sftp-server
+UsePAM yes
+X11Forwarding yes