Update SSH Config File With Different Values


Dan Crisp

Jan 8, 2020, 8:28:01 AM
to Puppet Users
Hi,

I'm looking for some advice on a best approach on a topic that I'm nowhere near an expert in.  Should the following be dealt with via a template, Hiera or something else?

Our goal is to deploy a standard SSH configuration across all servers, albeit with some minor alterations to a handful.  All of our servers have the following line:

ListenAddress xx.xx.xx

No problem there; I can alter this simply enough on a per-server/per-IP basis.

The advice I'm looking for is how to handle the following scenario.  In some cases, we allow password-less SSH access between servers via the following:

Match Address xx.xx.xx.xx
 PermitRootLogin without-password

However, in all instances where we declare the above, all IP addresses are different.  For example:

Server A:
  Allows access from Server B via:
   Match Address Server B IP ADDR
   PermitRootLogin without-password

Server B:
  Allows access from Server A via:
   Match Address Server A IP ADDR
   PermitRootLogin without-password

Is this achievable?  Looking forward to any advice that can help me out here.

Thanks,
Dan.

Dan White

Jan 8, 2020, 8:36:48 PM
to puppet...@googlegroups.com
I have had good luck with this Forge module. 


Try it out and see if it meets your needs. 
And, absolutely use Hiera.  Just set up a hierarchy that includes a node level, and your node-specific settings are handled. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us."

Bill Watterson (Calvin & Hobbes)
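
An added example, not part of either post and not the code of any Forge module: one way to drive the per-server ListenAddress and Match Address lines from node-level Hiera data. The class name profile::sshd, its parameter names, the sample addresses, the default global line and the sshd path are all assumptions, and the Stdlib::IP::* types require puppetlabs-stdlib.

```puppet
# Added example: hypothetical class, not from the thread or any Forge module.
# Needs puppetlabs-stdlib for the Stdlib::IP::* types. Per-node values come
# from Hiera automatic parameter lookup, e.g. data/nodes/<certname>.yaml
# (constructed addresses):
#
#   profile::sshd::listen_address: '192.0.2.10'
#   profile::sshd::root_key_login_from:
#     - '192.0.2.20'   # Server B
#
# Nodes that set no root_key_login_from get no Match block.
class profile::sshd (
  Stdlib::IP::Address::Nosubnet $listen_address,
  Array[Stdlib::IP::Address]    $root_key_login_from = [],
  # Assumption: the site's standard global directives go here.
  Array[String[1]]              $base_lines          = ['PermitRootLogin no'],
) {
  # A Match block runs until the next Match or end of file, so the
  # per-peer blocks are emitted last, after every global directive.
  $match_blocks = $root_key_login_from.map |$peer| {
    "Match Address ${peer}\n    PermitRootLogin without-password"
  }

  $header = ['# Managed by Puppet', "ListenAddress ${listen_address}"]
  $lines  = $header + $base_lines + $match_blocks

  file { '/etc/ssh/sshd_config':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    content      => join($lines + [''], "\n"),
    # Refuse to install a file sshd cannot parse (binary path is an assumption).
    validate_cmd => '/usr/sbin/sshd -t -f %',
    notify       => Service['sshd'],
  }

  # Service name is 'sshd' on RHEL-family systems, 'ssh' on Debian-family.
  service { 'sshd':
    ensure => running,
    enable => true,
  }
}
```

Typing the parameters as IP addresses keeps a malformed Hiera value from being written into sshd_config as an extra directive. `without-password` disables password authentication for root while leaving key-based login allowed; newer OpenSSH releases spell the same setting `prohibit-password`.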

