16.147. cdist-type__sshd_config(7)

16.147.1. NAME

cdist-type__sshd_config - Manage options in sshd_config

16.147.2. DESCRIPTION

This space intentionally left blank.

16.147.3. REQUIRED PARAMETERS

None.

16.147.4. OPTIONAL PARAMETERS

file

The path to the sshd_config file to edit. Defaults to /etc/ssh/sshd_config.

match

Restrict this option to apply only for certain connections. Allowed values are what would be allowed to be written after a Match keyword in sshd_config, e.g. --match 'User anoncvs'.

Can be used multiple times. All of the values are ANDed together.

option

The name of the option to manipulate. Defaults to __object_id.

state

Can be:

  • present: ensure a matching config line is present (or the default value).

  • absent: ensure no matching config line is present.

value

The option's value to be assigned to the option (if --state present) or removed (if --state absent).

This option is required if --state present. If not specified and --state absent, all values for the given option are removed.

16.147.5. BOOLEAN PARAMETERS

None.

16.147.6. EXAMPLES

# Disallow root logins with password
__sshd_config PermitRootLogin --value without-password

# Disallow password-based authentication
__sshd_config PasswordAuthentication --value no

# Accept the EDITOR environment variable
__sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR

# Force command for connections as git user
__sshd_config git@ForceCommand --match 'User git' --option ForceCommand \
    --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}'

16.147.7. SEE ALSO

sshd_config(5)

16.147.8. BUGS

  • This type assumes a nicely formatted config file, i.e. no config options spanning multiple lines.

  • Include directives are ignored.

  • Config options are not added/removed to/from the config file if their value is the default value.

  • The explorer will incorrectly report absent if OpenSSH internally transforms one value to another (e.g. permitrootlogin prohibit-password is transformed to permitrootlogin without-password).
    Workaround: Use the value that OpenSSH uses internally.

16.147.9. AUTHORS

Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>

16.147.10. COPYING

Copyright (C) 2020 Dennis Camera. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.