ssh_authorized_key pattern-list


Saad Butto

Aug 31, 2022, 5:31:03 PM
To: Puppet Users
Hi guys,

I am trying to add a restriction to an SSH public key in the authorized_keys file. The restriction is to only allow ssh access from certain IP addresses using that particular SSH key.

SSH has something called pattern-list where you can add from=<pattern-list> ahead of the public key in the authorized_keys.

Something like this:

from="10.0.0.?,*.example.com" ssh-rsa AB3Nz...EN8w== us...@example.com

I couldn't find the ssh_authorized_key attribute that can help achieve that.

Can someone please help me find a way to do it using puppet ssh_authorized_key resource?

Thanks

Ian Mortimer

Sep 4, 2022, 6:07:48 PM
To: puppet...@googlegroups.com
On Wed, 2022-08-31 at 14:03 -0700, Saad Butto wrote:


> I couldn't find the ssh_authorized_key attribute that can help
> achieve that.
>
> Can someone please help me find a way to do it using puppet
> ssh_authorized_key resource?

https://puppet.com/docs/puppet/5.5/types/ssh_authorized_key.html#ssh_authorized_key-attribute-options


--
Ian

Saad Butto

Sep 10, 2022, 11:26:32 AM
To: Puppet Users
Hi Ian,

I found that too but it defers you to SSH options. It doesn't say how to use from=<pattern-list> with puppet ssh_authorized_key resource.

Thanks

Ian Mortimer

Sep 11, 2022, 6:58:04 PM
To: puppet...@googlegroups.com
On Sat, 2022-09-10 at 08:26 -0700, Saad Butto wrote:

> I found that too but it defers you to SSH options. It doesn't say how
> to use from=<pattern-list> with puppet ssh_authorized_key resource.

Options is an array. Most commonly used options are from and command.
Something like this in hiera is what we use:

options: ['from="allowed.host"', 'command="allowed_command"']


--
Ian
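
Added example (not part of the original thread and not either poster's code): the options array from the reply above used in a Puppet manifest, with a guard that refuses to manage the key unless a from= restriction is present. The class name profile::restricted_ssh_key, the user backup, the key title and the key body are hypothetical placeholders.

```puppet
# Added example. Class name, user, key title and key body are placeholders.
class profile::restricted_ssh_key (
  # Values can come from Hiera through automatic parameter lookup, e.g.
  #   profile::restricted_ssh_key::options:
  #     - 'from="10.0.0.?,*.example.com"'
  #     - 'command="allowed_command"'
  Array[String[1]] $options = ['from="10.0.0.?,*.example.com"'],
  String[1]        $user    = 'backup',
  # Base64 key body only: no key type prefix, no trailing comment, no spaces.
  String[1]        $key     = 'REPLACE_WITH_BASE64_KEY_BODY',
) {
  # Fail the catalog rather than install an unrestricted key if the
  # from= option is missing or its pattern-list is not double-quoted.
  unless $options.any |$o| { $o =~ /\Afrom="[^"]+"\z/ } {
    fail('ssh key options must include from="<pattern-list>"')
  }

  ssh_authorized_key { "${user}@example.com":
    ensure  => present,
    user    => $user,
    type    => 'ssh-rsa',
    key     => $key,
    # Each element is one authorized_keys option; Puppet joins them
    # with commas in front of the key type.
    options => $options,
  }
}

# With the two Hiera options above, the managed authorized_keys line is:
# from="10.0.0.?,*.example.com",command="allowed_command" ssh-rsa REPLACE_WITH_BASE64_KEY_BODY backup@example.com
```

The outer single quotes are Puppet or YAML string delimiters; the inner double quotes are written to the file as they are, which is the form sshd expects around the pattern-list.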

Saad Butto

Sep 14, 2022, 9:46:27 AM
To: Puppet Users
Hmmm, I will give it a try.

Thanks