This works if I configure it for each individual server. Thank you!
I was wondering if there is a way to have a different path for
*AuthorizedKeysCommand
*based on the operating system rather than every single server?
I think an alternative could be in the manifest file something like:
case $::operatingsystem {
'freebsd': {
*somehow define AuthorizedKeysCommand:
‘/path/to/freebsd-command’*
}
'ubuntu': {
*somehow define AuthorizedKeysCommand:
‘/path/to/ubuntu-command’*
}
On Tuesday, May 2, 2023 at 2:04:16 PM UTC-4 Martin Alfke wrote:
> The main ssh class has the parameter server_options:
> # @param options
> # Dynamic hash for openssh server option
>
> ssh::server_options:
> AuthorizedKeysCommand: ‘/path/to/command’
>
> If you are using ssh::server class, the parameter ssh::server::options
> must be used.
>
>
> On 2. May 2023, at 17:29, Laci D <[email protected]> wrote:
>
> Thank you Martin, adding the following example to my
> *nodes/myserversfqdn.yaml* did it for me.
>
> ssh::server::match_block:
> '*,!that_other_group':
> type: group
> options:
> ForceCommand: '/usr/bin/kpasswd'
>
> I have another question, how can I specify different values in Hiera for
> different operating systems?
>
> For example *AuthorizedKeysCommand* needs a different value in Linux and
> FreeBSD?
>
> On Tuesday, May 2, 2023 at 3:51:20 AM UTC-4 Martin Alfke wrote:
>
>> Hi,
>>
>> Ssh::server class has a parameter called “match_block” which calls a
>> defined type:
>>
>> https://github.com/saz/puppet-ssh/blob/master/manifests/server/match_block.pp
>>
>> The defined type uses a template:
>>
>> https://github.com/saz/puppet-ssh/blob/master/templates/sshd_match_block.erb
>>
>> A hiera example is in the docs:
>> https://forge.puppet.com/modules/saz/ssh/readme#hiera-example
>>
>> Hth,
>> Martin
>>
>>
>> On 1. May 2023, at 23:08, Laci D <[email protected]> wrote:
>>
>> Hi,
>>
>> I'm using *saz-ssh* to configure sshd_config, options are stored in
>> Hiera. I didn't find the way how to implement "Match user/group", for
>> example:
>>
>> Match group *, !not_that_group
>> 'ForceCommand' => 'internal-sftp',
>>
>> I did see the example <https://forge.puppet.com/modules/saz/ssh/readme> but
>> when I add that to my manifests/profiles/ssh.pp then Puppet is
>> complaining and I'm not seeing how to configure it using Hiera.
>>
>> Any ideas?
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4c77f527-6572-4357-863d-a827c93c663dn%40googlegroups.com.
