Ask Your Question

A group of servers with SSH X11 Forwarding

asked 2013-01-06 23:37:08 -0600

Paul Warren gravatar image

updated 2013-01-13 22:46:40 -0600

Basically: How do I set up a group of servers that require X11 Forwarding for the SSH config?

I'm very new to puppet, and have inherited some 20 odd servers and VMs that are managed with puppet, and I need to be able to tell puppet that some of those machines need X11 Forwarding enabled. And I'm completely lost as to where to start, I don't even know if a group is the right term, a Manifest perhaps?

I'm just going through the tutorial at puppet labs, and will see if that helps, but if someone ... (more)

edit retag flag offensive close merge delete


The above sshd_config is in /etc/puppet/modules/ssh/manifests/ssh.pp outside the top level ssh class.

Paul Warren gravatar imagePaul Warren ( 2013-01-13 23:00:49 -0600 )edit

3 Answers

Sort by » oldest newest most voted

answered 2013-01-07 01:46:14 -0600

If you have Augeas installed on your machines, you could create the following class in your ssh module

class ssh::x11_forwarding {
  augeas { 'enable x11 forwarding':
    lens    => 'Sshd.lns',
    incl    => '/etc/ssh/sshd_config',
    context => '/files/etc/ssh/sshd_config',
    changes => 'set X11Forwarding yes',
    notify  => Service['ssh'],

You can then just include ssh::x11_forwarding on the hosts that you want it enabled.

edit flag offensive delete link more


Thanks, that's just the thing I need, and now I'm thinking with puppet :)

Paul Warren gravatar imagePaul Warren ( 2013-01-07 18:18:10 -0600 )edit

Well, I thought it was.... See edits to original question

Paul Warren gravatar imagePaul Warren ( 2013-01-13 23:01:29 -0600 )edit

You shouldn't use a template AND augeas to manage the same file. They will compete with each other. Pick the method that fits you best, and use it exclusively.

Raphink gravatar imageRaphink ( 2013-01-30 00:46:15 -0600 )edit

answered 2013-01-30 00:45:12 -0600

I second @rodjek's suggestion to use augeas for that need. However if you use the augeas type as suggested, you might encounter issues with match groups in sshd_config which will not be managed properly (in case you use them).

For that reason I'd recommend using the sshd_config provider from the augeasproviders module which is made specifically for this purpose. @rodjek's code would then become:

class ssh::x11_forwarding {
  sshd_config { 'X11Forwarding':
    value    => 'yes',
    notify  => Service['ssh'],
edit flag offensive delete link more

answered 2013-01-07 19:52:49 -0600

How is the SSH configuration currently managed on those servers, if it is at all?

Unfortunately there's no easy answer to this... especially if it's an inherited Puppet deployment, there's good odds that SSH will currently be managed with a one-off homegrown manifest or module.

Look through the current puppet configuration and see if there's anything referencing SSH in it. If not, you can feel free to use whatever method you want; the Augeas method mentioned by rodjek is fine, but personally I'd use a template for the sshd_config file.

However, if puppet is already ... (more)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2013-01-06 23:37:08 -0600

Seen: 646 times

Last updated: Jan 30 '13