The main ssh class has the parameter server_options: # @param options # Dynamic hash for openssh server option
ssh::server_options: AuthorizedKeysCommand: ‘/path/to/command’ If you are using ssh::server class, the parameter ssh::server::options must be used. > On 2. May 2023, at 17:29, Laci D <[email protected]> wrote: > > Thank you Martin, adding the following example to my nodes/myserversfqdn.yaml > did it for me. > > ssh::server::match_block: > '*,!that_other_group': > type: group > options: > ForceCommand: '/usr/bin/kpasswd' > > I have another question, how can I specify different values in Hiera for > different operating systems? > > For example AuthorizedKeysCommand needs a different value in Linux and > FreeBSD? > > On Tuesday, May 2, 2023 at 3:51:20 AM UTC-4 Martin Alfke wrote: >> Hi, >> >> Ssh::server class has a parameter called “match_block” which calls a defined >> type: >> https://github.com/saz/puppet-ssh/blob/master/manifests/server/match_block.pp >> >> The defined type uses a template: >> https://github.com/saz/puppet-ssh/blob/master/templates/sshd_match_block.erb >> >> A hiera example is in the docs: >> https://forge.puppet.com/modules/saz/ssh/readme#hiera-example >> >> Hth, >> Martin >> >> >> >>> On 1. May 2023, at 23:08, Laci D <[email protected] <>> wrote: >>> >> >>> Hi, >>> >>> I'm using saz-ssh to configure sshd_config, options are stored in Hiera. I >>> didn't find the way how to implement "Match user/group", for example: >>> >>> Match group *, !not_that_group >>> 'ForceCommand' => 'internal-sftp', >>> >>> I did see the example <https://forge.puppet.com/modules/saz/ssh/readme> but >>> when I add that to my manifests/profiles/ssh.pp then Puppet is complaining >>> and I'm not seeing how to configure it using Hiera. >>> >>> Any ideas? >>> >>> >> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected] <>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com?utm_medium=email&utm_source=footer>. >> > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/C14BD0DC-FB34-4E85-8C0B-A7112DF4ABBF%40gmail.com.
