Provided by: cdist_7.0.0-5_all bug

NAME

       cdist-type__sshd_config - Manage options in sshd_config

DESCRIPTION

       This space intentionally left blank.

REQUIRED PARAMETERS

       None.

OPTIONAL PARAMETERS

       file   The path to the sshd_config file to edit.  Defaults to /etc/ssh/sshd_config.

       match  Restrict  this  option  to  apply only for certain connections.  Allowed values are
              what would be allowed to be written after a  Match  keyword  in  sshd_config,  e.g.
              --match 'User anoncvs'.

              Can be used multiple times. All of the values are ANDed together.

       option The name of the option to manipulate. Defaults to __object_id.

       state  Can be:

              • present: ensure a matching config line is present (or the default value).

              • absent: ensure no matching config line is present.

       value  The option's value to be assigned to the option (if --state present) or removed (if
              --state absent).

              This option is required if --state present. If not specified  and  --state  absent,
              all values for the given option are removed.

BOOLEAN PARAMETERS

       None.

EXAMPLES

          # Disallow root logins with password
          __sshd_config PermitRootLogin --value without-password

          # Disallow password-based authentication
          __sshd_config PasswordAuthentication --value no

          # Accept the EDITOR environment variable
          __sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR

          # Force command for connections as git user
          __sshd_config git@ForceCommand --match 'User git' --option ForceCommand \
              --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}'

SEE ALSO

       sshd_config(5)

BUGS

       • This  type  assumes  a  nicely  formatted  config  file, i.e. no config options spanning
         multiple lines.

       • Include directives are ignored.

       • Config options are not added/removed to/from the config  file  if  their  value  is  the
         default value.

       •
         The explorer will incorrectly report absent if OpenSSH internally
         transforms one value to another (e.g. permitrootlogin prohibit-password
         is transformed to permitrootlogin without-password).
         Workaround: Use the value that OpenSSH uses internally.

AUTHORS

       Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>

COPYING

       Copyright (C) 2020 Dennis Camera. You can redistribute it and/or modify it under the terms
       of the GNU General Public License as published by the  Free  Software  Foundation,  either
       version 3 of the License, or (at your option) any later version.

COPYRIGHT

       ungleich GmbH 2021