The main ssh class has the parameter server_options: # @param options # Dynamic hash for openssh server option
ssh::server_options: AuthorizedKeysCommand: ‘/path/to/command’ If you are using ssh::server class, the parameter ssh::server::options must be used. > On 2. May 2023, at 17:29, Laci D <laci...@gmail.com> wrote: > > Thank you Martin, adding the following example to my nodes/myserversfqdn.yaml > did it for me. > > ssh::server::match_block: > '*,!that_other_group': > type: group > options: > ForceCommand: '/usr/bin/kpasswd' > > I have another question, how can I specify different values in Hiera for > different operating systems? > > For example AuthorizedKeysCommand needs a different value in Linux and > FreeBSD? > > On Tuesday, May 2, 2023 at 3:51:20 AM UTC-4 Martin Alfke wrote: >> Hi, >> >> Ssh::server class has a parameter called “match_block” which calls a defined >> type: >> https://github.com/saz/puppet-ssh/blob/master/manifests/server/match_block.pp >> >> The defined type uses a template: >> https://github.com/saz/puppet-ssh/blob/master/templates/sshd_match_block.erb >> >> A hiera example is in the docs: >> https://forge.puppet.com/modules/saz/ssh/readme#hiera-example >> >> Hth, >> Martin >> >> >> >>> On 1. May 2023, at 23:08, Laci D <lac...@gmail.com <>> wrote: >>> >> >>> Hi, >>> >>> I'm using saz-ssh to configure sshd_config, options are stored in Hiera. I >>> didn't find the way how to implement "Match user/group", for example: >>> >>> Match group *, !not_that_group >>> 'ForceCommand' => 'internal-sftp', >>> >>> I did see the example <https://forge.puppet.com/modules/saz/ssh/readme> but >>> when I add that to my manifests/profiles/ssh.pp then Puppet is complaining >>> and I'm not seeing how to configure it using Hiera. >>> >>> Any ideas? >>> >>> >> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to puppet-users...@googlegroups.com <>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com?utm_medium=email&utm_source=footer>. >> > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com > <mailto:puppet-users+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com > > <https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/C14BD0DC-FB34-4E85-8C0B-A7112DF4ABBF%40gmail.com.
