augeas match block problem [closed]

asked 2017-03-30 01:10:50 -0500

bigfoot74

updated 2017-03-30 01:11:25 -0500

Hello,

I am trying to add a match block section to a sshd_config file. This is needed for a sftp server. I am using the augeas puppet module:

This is how the snippet should look:

Match Group sftponly
   ChrootDirectory /home
   AllowTCPForwarding no
   X11Forwarding no
   ForceCommand internal-sftp

My puppet code looks something like this:

sshd_config_subsystem { 'sftp':
  ensure  => present,
  command => 'internal-sftp',
}

sshd_config_match { 'Group sftponly':
  ensure => present,
}

sshd_config { 'ChrootDirectory':
  ensure => present,
  key    => 'ChrootDirectory',
  value  => '/home',
}

sshd_config { 'AllowTCPForwarding':
  ensure => present,
  key    => 'AllowTCPForwarding',
  value  => 'no',
}

sshd_config { 'X11Forwarding':
  ensure => present,
  key    => 'X11Forwarding',
  value  => 'no',
}

sshd_config { 'ForceCommand':
  ensure => present,
  key    => 'ForceCommand',
  value  => 'internal-sftp',
}

And yes, it does work, but somehow the "Match Group sftponly" part always ends up at the end of the file. This causes problems with "normal" ssh users. I tried around with the "position" parameter, but so far without success.

Could someone help me?

Kind regards,

Pascal

Closed for the following reason: the question is answered, right answer was accepted by bigfoot74
close date 2017-03-30 07:57:15.240564

Comments

I found the solution :-) For the sshd_config section, you have to set a condition, e.g.:

condition => 'Group sftponly'

And if you set the position in the sshd_config_match:

position => 'before first match'

Then it works :-)

bigfoot74 ( 2017-03-30 07:56:21 -0500 )
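The manifest from the question with the fix from the comment applied, as an added example that is not part of the original thread. The resource titles prefixed with `sftponly` and the explicit `require` are assumptions made here to keep titles unique and to order the Match block first.

```puppet
# Added example: question's manifest plus the `condition` / `position` fix.
sshd_config_subsystem { 'sftp':
  ensure  => present,
  command => 'internal-sftp',
}

# Place the Match block ahead of any existing Match block instead of
# letting it land at the end of the file.
sshd_config_match { 'Group sftponly':
  ensure   => present,
  position => 'before first match',
}

# Scope each setting to the Match block with `condition`. Without it the
# setting is managed in the global section, so ChrootDirectory and
# ForceCommand would also hit "normal" ssh users.
sshd_config {
  default:
    ensure    => present,
    condition => 'Group sftponly',
    require   => Sshd_config_match['Group sftponly'],
  ;
  # Titles are hypothetical; `key` carries the real directive name so the
  # same directive can still be managed separately in the global section.
  'sftponly ChrootDirectory':
    key   => 'ChrootDirectory',
    value => '/home',
  ;
  'sftponly AllowTCPForwarding':
    key   => 'AllowTCPForwarding',
    value => 'no',
  ;
  'sftponly X11Forwarding':
    key   => 'X11Forwarding',
    value => 'no',
  ;
  'sftponly ForceCommand':
    key   => 'ForceCommand',
    value => 'internal-sftp',
  ;
}
```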