Update README for Extra Config Options

dev-sec · Mar 31, 2017 · e65f964 · e65f964
1 parent 71e661c
commit e65f964
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -124,6 +124,24 @@ Configure attributes:
 
 This will enable the SFTP Server and chroot every user in the `sftpusers` group to the `/home/sftp/%u` directory.
 
+## Extra Configuration Options
+Extra configuration options can be appended to the client or server configuration files.  This can be used to override statically set values, or add configuration options not otherwise available via attributes.
+
+The syntax is as follows:
+```
+# => Extra Server Configuration
+default['ssh-hardening']['ssh']['server']['extras'].tap do |extra|
+  extra['#Some Comment'] = 'Heres the Comment'
+  extra['AuthenticationMethods'] =  'publickey,keyboard-interactive'
+end
+
+# => Extra Client Configuration
+default['ssh-hardening']['ssh']['client']['extras'].tap do |extra|
+  extra['PermitLocalCommand'] = 'no'
+  extra['Tunnel'] =  'no'
+end
+```
+
 ## Local Testing
 
 For local testing you can use vagrant and Virtualbox of VMWare to run tests locally. You will have to install Virtualbox and Vagrant on your system. See [Vagrant Downloads](http://downloads.vagrantup.com/) for a vagrant package suitable for your system. For all our tests we use `test-kitchen`. If you are not familiar with `test-kitchen` please have a look at [their guide](http://kitchen.ci/docs/getting-started). We are writing our test with [InSpec](https://github.com/chef/inspec).