ssh_authorized_key pattern-list


Saad Butto

31.08.2022, 17:31:03
to Puppet Users
Hi guys,

I am trying to add a restriction to an SSH public key in the authorized_keys file. The restriction is to only allow ssh access from certain IP addresses using that particular SSH key.

SSH has something called pattern-list where you can add from=<pattern-list> ahead of the public key in the authorized_keys.

Something like this:

from="10.0.0.?,*.example.com" ssh-rsa AB3Nz...EN8w== us...@example.com

I couldn't find the ssh_authorized_key attribute that can help achieve that.

Can someone please help me find a way to do it using the Puppet ssh_authorized_key resource?

Thanks

Ian Mortimer

04.09.2022, 18:07:48
to puppet...@googlegroups.com
On Wed, 2022-08-31 at 14:03 -0700, Saad Butto wrote:


> I couldn't find the ssh_authorized_key attribute that can help
> achieve that.
>
> Can someone please help me find a way to do it using puppet
> ssh_authorized_key resource?

https://puppet.com/docs/puppet/5.5/types/ssh_authorized_key.html#ssh_authorized_key-attribute-options


--
Ian

Saad Butto

10.09.2022, 11:26:32
to Puppet Users
Hi Ian,

I found that too but it defers you to SSH options. It doesn't say how to use from=<pattern-list> with puppet ssh_authorized_key resource.

Thanks

Ian Mortimer

11.09.2022, 18:58:04
to puppet...@googlegroups.com
On Sat, 2022-09-10 at 08:26 -0700, Saad Butto wrote:

> I found that too but it defers you to SSH options. It doesn't say how
> to use from=<pattern-list> with puppet ssh_authorized_key resource.

Options is an array. Most commonly used options are from and command.
Something like this in hiera is what we use:

options: ['from="allowed.host"', 'command="allowed_command"']


--
Ian
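
The options array from the reply above in Puppet manifest form, as an added example that is not part of the original thread. The account name, resource title and key body are placeholders; the patterns are the ones from the question. Each option is one array element, and the whole pattern-list stays inside a single from="..." string.

```puppet
# Added example. 'deploy', the resource title and the key body are
# placeholders, not values from the thread.

# Source patterns allowed to use this key (taken from the question).
$allowed_sources = ['10.0.0.?', '*.example.com']

# sshd expects one comma-separated pattern-list inside the quotes.
$from_list = join($allowed_sources, ',')

ssh_authorized_key { 'user@example.com':
  ensure  => present,
  user    => 'deploy',
  type    => 'ssh-rsa',
  # Base64 key body only: no "ssh-rsa" prefix and no trailing comment,
  # otherwise the written line will not be a valid key entry.
  key     => 'PLACEHOLDER_BASE64_PUBLIC_KEY',
  # One array element per option. The inner double quotes are part of
  # the option text and must reach authorized_keys unchanged.
  options => [
    "from=\"${from_list}\"",
  ],
}
```

After a Puppet run, check the managed line in the account's authorized_keys file: the from= option should appear ahead of the key type, and a login with that key from an address outside the pattern-list should be refused.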

Saad Butto

14.09.2022, 09:46:27
to Puppet Users
Hmmm, I will give it a try.

Thanks