16.147. cdist-type__sshd_config(7)¶
16.147.1. NAME¶
cdist-type__sshd_config - Manage options in sshd_config
16.147.2. DESCRIPTION¶
This space intentionally left blank.
16.147.3. REQUIRED PARAMETERS¶
None.
16.147.4. OPTIONAL PARAMETERS¶
- file
The path to the sshd_config file to edit. Defaults to
/etc/ssh/sshd_config
.- match
Restrict this option to apply only for certain connections. Allowed values are what would be allowed to be written after a
Match
keyword insshd_config
, e.g.--match 'User anoncvs'
.Can be used multiple times. All of the values are ANDed together.
- option
The name of the option to manipulate. Defaults to
__object_id
.- state
Can be:
present
: ensure a matching config line is present (or the default value).absent
: ensure no matching config line is present.
- value
The option's value to be assigned to the option (if
--state present
) or removed (if--state absent
).This option is required if
--state present
. If not specified and--state absent
, all values for the given option are removed.
16.147.5. BOOLEAN PARAMETERS¶
None.
16.147.6. EXAMPLES¶
# Disallow root logins with password
__sshd_config PermitRootLogin --value without-password
# Disallow password-based authentication
__sshd_config PasswordAuthentication --value no
# Accept the EDITOR environment variable
__sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR
# Force command for connections as git user
__sshd_config git@ForceCommand --match 'User git' --option ForceCommand \
--value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}'
16.147.7. SEE ALSO¶
sshd_config(5)
16.147.8. BUGS¶
This type assumes a nicely formatted config file, i.e. no config options spanning multiple lines.
Include
directives are ignored.Config options are not added/removed to/from the config file if their value is the default value.
- The explorer will incorrectly report
absent
if OpenSSH internally transforms one value to another (e.g.permitrootlogin prohibit-password
is transformed topermitrootlogin without-password
).Workaround: Use the value that OpenSSH uses internally.
16.147.9. AUTHORS¶
Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>
16.147.10. COPYING¶
Copyright (C) 2020 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.