Re: [Puppet Users] Update SSH Config File With Different Values

['Dan White' via Puppet Users]

I have had good luck with this Forge module. 

https://forge.puppet.com/saz/ssh

Try it out and see if it meets your needs. 
And, absolutely use Hiera.  Just set up a hierarchy that includes a node level, 
and your node-specific settings are handled. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Waterson (Calvin & Hobbes)

> On Jan 8, 2020, at 8:28 AM, Dan Crisp  wrote:
> 
> 
> Hi,
> 
> I'm looking for some advice on a best approach on a topic that I'm know where 
> near an expert in.  Should the following be dealt with via a template, hera 
> or something else?
> 
> Our goal is to deploy a standard SSH configuration across all servers albeit 
> some minor alternations to a handful.  All of our servers have the following 
> line:
> 
> ListenAddress xx.xx.xx
> 
> No problem there I can alter this simply enough on a per server/per IP bases.
> 
> The advise I'm looking for is how to handle the following scenario.  In some 
> cases, we allow password-less SSH access between servers via the following:
> 
> Match Address xx.xx.xx.xx
>  PermitRootLogin without-password
> 
> However in all instances where we declare the above, all IP addresses are 
> different.  For example: 
> 
> Server A:
>   Allows access from Server B via:
>Match Address Server B IP ADDR
>PermitRootLogin without-password
> 
> Server B:
>   Allows access from Server A via:
>Match Address Server A IP ADDR
>PermitRootLogin without-password
> 
> Is this achievable?  Looking forward to any advise that can help me out here.
> 
> Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/BEBF0F92-2CF0-4192-AAAE-DB7101037199%40icloud.com.

[Puppet Users] Wash 0.17.0 now available

[Puppet Product Updates]

Wash 0.17.0 is now available. This release adds the ability to write
content to existing AWS S3 and Google Cloud Storage objects. This is one we
plan to expand on as well with writing to other types of things and being
able to create new entries (so you can copy files and directories around).
See v0.17.0  for
detailed release notes.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CABy1mMKSC33-L8bDppyzCrtUEJrJB8m9oVUiT-b-%2BEVPWerHoQ%40mail.gmail.com.

[Puppet Users] Update SSH Config File With Different Values

[Dan Crisp]

Hi,

I'm looking for some advice on a best approach on a topic that I'm know 
where near an expert in.  Should the following be dealt with via a 
template, hera or something else?

Our goal is to deploy a standard SSH configuration across all servers 
albeit some minor alternations to a handful.  All of our servers have the 
following line:

ListenAddress xx.xx.xx

No problem there I can alter this simply enough on a per server/per IP 
bases.

The advise I'm looking for is how to handle the following scenario.  In 
some cases, we allow password-less SSH access between servers via the 
following:

Match Address xx.xx.xx.xx
 PermitRootLogin without-password

However in all instances where we declare the above, all IP addresses are 
different.  For example: 

Server A:
  Allows access from Server B via:
   Match Address *Server B IP ADDR*
   PermitRootLogin without-password

Server B:
  Allows access from Server A via:
   Match Address *Server A IP ADDR*
   PermitRootLogin without-password

Is this achievable?  Looking forward to any advise that can help me out 
here.

Thanks,
Dan.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf8f69ed-d636-4482-a787-d92a1061b2b4%40googlegroups.com.