CDIST-TYPE__SSHD_CONFIG(7)           cdist          CDIST-TYPE__SSHD_CONFIG(7)

NAME

       cdist-type__sshd_config - Manage options in sshd_config

DESCRIPTION

       This space intentionally left blank.

REQUIRED PARAMETERS

       None.

OPTIONAL PARAMETERS

       file   The path to the sshd_config file to edit. Defaults to
              /etc/ssh/sshd_config.

       match  Restrict this option to apply only for certain connections.
              Allowed values are what would be allowed to be written after a
              Match keyword in sshd_config, e.g. --match 'User anoncvs'.

              Can be used multiple times. All of the values are ANDed
              together.

       option The name of the option to manipulate. Defaults to __object_id.

       state  Can be:

              • present: ensure a matching config line is present (or the
                default value).

              • absent: ensure no matching config line is present.

       value  The option's value to be assigned to the option (if --state
              present) or removed (if --state absent).

              This option is required if --state present. If not specified and
              --state absent, all values for the given option are removed.

BOOLEAN PARAMETERS

       None.

EXAMPLES

          # Disallow root logins with password
          __sshd_config PermitRootLogin --value without-password

          # Disallow password-based authentication
          __sshd_config PasswordAuthentication --value no

          # Accept the EDITOR environment variable
          __sshd_config AcceptEnv:EDITOR --option AcceptEnv --value EDITOR

          # Force command for connections as git user
          __sshd_config git@ForceCommand --match 'User git' --option ForceCommand \
              --value 'cd ~git && exec git-shell ${SSH_ORIGINAL_COMMAND:+-c "${SSH_ORIGINAL_COMMAND}"}'

SEE ALSO

       sshd_config(5)

BUGS

       • This type assumes a nicely formatted config file, i.e. no config
         options spanning multiple lines.

       • Include directives are ignored.

       • Config options are not added/removed to/from the config file if their
         value is the default value.

       • The explorer will incorrectly report absent if OpenSSH internally
         transforms one value to another (e.g. permitrootlogin prohibit-password
         is transformed to permitrootlogin without-password).
         Workaround: Use the value that OpenSSH uses internally.
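       The Include and value-transformation caveats above can be checked
       against what sshd actually parses. The shell script below is an added
       example, not part of cdist: the helper names are hypothetical, and the
       sample config and the `sshd -T` output are constructed so that it runs
       without sshd installed.

```shell
#!/bin/sh
# Added example, not part of cdist; helper names are hypothetical.

# List Include directives with line numbers. The type ignores them, but sshd
# uses the first value it obtains for a keyword, so a file included above a
# managed line can shadow that line.
find_includes() {
    awk 'tolower($1) == "include" { print NR ": " $0 }' "$1"
}

# Print the value(s) sshd reports for keyword $2 in saved `sshd -T` output $1.
# `sshd -T` prints one lower-case "keyword value" pair per line.
effective_value() {
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    awk -v k="$key" '$1 == k { sub(/^[^ \t]+[ \t]+/, ""); print }' "$1"
}

# Succeed only if $3 is exactly a value sshd reports for keyword $2.
# A failure for a value that is set in the file means sshd stores it under
# another spelling; pass that spelling to --value instead.
matches_effective() {
    effective_value "$1" "$2" | grep -Fqx -- "$3"
}

# --- constructed sample input ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin prohibit-password
PasswordAuthentication no
AcceptEnv EDITOR
EOF
# Stand-in for the output of `sshd -T -f "$tmp/sshd_config"`, typed by hand
# and limited to the three keywords above.
cat > "$tmp/sshd_T.out" <<'EOF'
permitrootlogin without-password
passwordauthentication no
acceptenv EDITOR
EOF

find_includes "$tmp/sshd_config"
for v in prohibit-password without-password; do
    if matches_effective "$tmp/sshd_T.out" PermitRootLogin "$v"; then
        echo "PermitRootLogin $v: matches effective config"
    else
        echo "PermitRootLogin $v: sshd reports $(effective_value "$tmp/sshd_T.out" PermitRootLogin)"
    fi
done
```

       On a managed host, replace the hand-typed output with the result of
       `sshd -T -f /etc/ssh/sshd_config`, which typically needs root.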

AUTHORS

       Dennis Camera <dennis.camera--@--ssrq-sds-fds.ch>

COPYING

       Copyright (C) 2020 Dennis Camera. You can redistribute it and/or modify
       it under the terms of the GNU General Public License as published by
       the Free Software Foundation, either version 3 of the License, or (at
       your option) any later version.

       ungleich GmbH 2021

7.0.0                            Jul 31, 2022       CDIST-TYPE__SSHD_CONFIG(7)