This works if I configure it for each individual server. Thank you!
I was wondering if there is a way to have a different path for
*AuthorizedKeysCommand
*based on the operating system rather than every single server?
I think an alternative could be in the manifest file something like:
case $::operatingsystem {
'freebsd': {
*somehow define AuthorizedKeysCommand:
‘/path/to/freebsd-command’*
}
'ubuntu': {
*somehow define AuthorizedKeysCommand:
‘/path/to/ubuntu-command’*
}
On Tuesday, May 2, 2023 at 2:04:16 PM UTC-4 Martin Alfke wrote:
> The main ssh class has the parameter server_options:
> # @param options
> # Dynamic hash for openssh server option
>
> ssh::server_options:
> AuthorizedKeysCommand: ‘/path/to/command’
>
> If you are using ssh::server class, the parameter ssh::server::options
> must be used.
>
>
> On 2. May 2023, at 17:29, Laci D <lac...@gmail.com> wrote:
>
> Thank you Martin, adding the following example to my
> *nodes/myserversfqdn.yaml* did it for me.
>
> ssh::server::match_block:
> '*,!that_other_group':
> type: group
> options:
> ForceCommand: '/usr/bin/kpasswd'
>
> I have another question, how can I specify different values in Hiera for
> different operating systems?
>
> For example *AuthorizedKeysCommand* needs a different value in Linux and
> FreeBSD?
>
> On Tuesday, May 2, 2023 at 3:51:20 AM UTC-4 Martin Alfke wrote:
>
>> Hi,
>>
>> Ssh::server class has a parameter called “match_block” which calls a
>> defined type:
>>
>> https://github.com/saz/puppet-ssh/blob/master/manifests/server/match_block.pp
>>
>> The defined type uses a template:
>>
>> https://github.com/saz/puppet-ssh/blob/master/templates/sshd_match_block.erb
>>
>> A hiera example is in the docs:
>> https://forge.puppet.com/modules/saz/ssh/readme#hiera-example
>>
>> Hth,
>> Martin
>>
>>
>> On 1. May 2023, at 23:08, Laci D <lac...@gmail.com> wrote:
>>
>> Hi,
>>
>> I'm using *saz-ssh* to configure sshd_config, options are stored in
>> Hiera. I didn't find the way how to implement "Match user/group", for
>> example:
>>
>> Match group *, !not_that_group
>> 'ForceCommand' => 'internal-sftp',
>>
>> I did see the example <https://forge.puppet.com/modules/saz/ssh/readme> but
>> when I add that to my manifests/profiles/ssh.pp then Puppet is
>> complaining and I'm not seeing how to configure it using Hiera.
>>
>> Any ideas?
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/puppet-users/0f953ebb-ee44-481b-81da-639ade904c8bn%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users...@googlegroups.com.
>
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com
>
> <https://groups.google.com/d/msgid/puppet-users/7ea988f3-c68d-45f7-a7f8-cf37929a09fcn%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4c77f527-6572-4357-863d-a827c93c663dn%40googlegroups.com.
