User story #4117
closed
Extend OpenSSH technique
Description
Since the OpenSSH technique lacks lots of options to configure, I tried to add something at the end with the "enforce a file content" technique. To be clear, the sshd_config file should first be edited by the OpenSSH technique to have a base install/config and then I want to add something to the end. This doesn't work.
- In the OpenSSH technique I configured PasswordAuthentication to be no
- In the enforce file content I added this:
Match User foobar
PasswordAuthentication yes
After one run of cf-agent the file ends like this:
PasswordAuthentication no
Match User spaceobserver
PasswordAuthentication no
Port 22
If I now run cf-agent multiple times, the file ends like this:
PasswordAuthentication no
Match User spaceobserver
PasswordAuthentication no
PasswordAuthentication no
PasswordAuthentication no
PasswordAuthentication no
Port 22
Note: I saw this behaviour before: the OpenSSH technique adds options multiple times, which most times is harmless, but ugly.
Updated by Vincent MEMBRÉ about 11 years ago
- Category set to Techniques
- Status changed from New to 8
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 1 (highest)
Thank you Dennis for reporting!
Which version of the technique are you using? 2.0 or 3.0?
And which version of Enforce file content?
Maybe the two of them are conflicting...
Matthieu, can you look into this?
Updated by Dennis Cabooter about 11 years ago
I use the OpenSSH server version 2.0 Technique and the Enforce a file content version 3.2 Technique.
I think the OpenSSH server technique has more issues; it adds some directives multiple times and sometimes the file is edited on a node and sometimes it's overwritten (I strongly prefer the latest).
Updated by Jonathan CLARKE almost 11 years ago
- Assignee changed from Matthieu CERDA to Nicolas CHARLES
Nico, can you look into this when you get a chance?
Updated by Nicolas CHARLES almost 11 years ago
- Status changed from 8 to Discussion
- Assignee changed from Nicolas CHARLES to Dennis Cabooter
Dennis,
I'm afraid this is the expected behaviour with the current version of the Techniques, as you have two conflicting configurations:
- one to set PasswordAuthentication no (the OpenSSH directive)
- one to set PasswordAuthentication yes (enforce a file content)
Apparently, the second directive applies first, adding the line (it is not there), while the first one replaces all the PasswordAuthentication.* lines with PasswordAuthentication no.
What we could do is to modify the OpenSSH technique to replace content only before the Match .*
Do you know if there are other end sections than Match that can exist in the OpenSSH config file?
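The change proposed in the comment above (replace content only before the first Match), sketched in Python as an added example; it is not code from the technique or from this project. The function names and the sample file are hypothetical, and the sketch assumes Match is the only keyword that opens a conditional section in sshd_config.

```python
import re

MATCH_RE = re.compile(r"^\s*Match\s", re.IGNORECASE)


def split_sections(text):
    """Return (global_lines, match_lines); match_lines starts at the first Match."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if MATCH_RE.match(line):
            return lines[:i], lines[i:]
    return lines, []


def keyword_of(line):
    """First keyword of a directive line, lowercased; None for blanks/comments."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    return re.split(r"[\s=]+", stripped, maxsplit=1)[0].lower()


def set_global_directive(text, key, value):
    """Enforce `key value` once in the global section, leaving Match blocks alone."""
    global_lines, match_lines = split_sections(text)
    wanted = f"{key} {value}"
    out, placed = [], False
    for line in global_lines:
        if keyword_of(line) == key.lower():
            if not placed:          # keep one copy, at the first occurrence
                out.append(wanted)
                placed = True
            continue                # drop duplicates left by earlier runs
        out.append(line)
    if not placed:
        out.append(wanted)          # still lands before the first Match
    return "\n".join(out + match_lines) + "\n"


# Constructed sample: duplicated global setting plus a per-user override.
SAMPLE = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no
Match User foobar
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(set_global_directive(SAMPLE, "PasswordAuthentication", "no"), end="")
```

Running the function a second time on its own output returns the same text, so repeated agent runs no longer accumulate lines, and the per-user override inside the Match block is preserved.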
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.21 to 2.11.22
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.22 to 2.11.23
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.23 to 2.11.24
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.24 to 308
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 308 to 3.1.14
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.14 to 3.1.15
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.15 to 3.1.16
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.16 to 3.1.17
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.17 to 3.1.18
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.18 to 3.1.19
Updated by Benoît PECCATTE almost 8 years ago
- Tracker changed from Bug to User story
- Subject changed from OpenSSH technique is not consequent to Extend OpenSSH technique
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.19 to 3.1.20
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.20 to 3.1.21
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.21 to 3.1.22
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.22 to 3.1.23
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.23 to 3.1.24
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.24 to 3.1.25
Updated by Benoît PECCATTE about 7 years ago
- Target version changed from 3.1.25 to 4.1.9
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.1.9 to 4.1.10
Updated by Benoît PECCATTE almost 7 years ago
- Target version changed from 4.1.10 to Ideas (not version specific)
Updated by Alexis Mousset almost 3 years ago
This won’t be added to that technique, please use the technique editor for that. If you are missing some capabilities in it, please open a ticket for that need.
Updated by Alexis Mousset almost 3 years ago
- Status changed from Discussion to Rejected