User story #4117

closed

Extend OpenSSH technique

Added by Dennis Cabooter about 11 years ago. Updated almost 3 years ago.

Status: Rejected
Priority: 1 (highest)
Assignee: -
Category: Techniques

Description

Since the OpenSSH technique lacks lots of options to configure, I tried to add something at the end with the "enforce a file content" technique. To be clear, the sshd_config file should first be edited by the OpenSSH technique to have a base install/config and then I want to add something to the end. This doesn't work.

- In the OpenSSH technique I configured PasswordAuthentication to be no
- In the enforce file content I added this:

    Match User foobar
    PasswordAuthentication yes

After one run of cf-agent the file ends like this:

    PasswordAuthentication no
    Match User spaceobserver
    PasswordAuthentication no
    Port 22

If I now run cf-agent multiple times, the file ends like this:

    PasswordAuthentication no
    Match User spaceobserver
    PasswordAuthentication no
    PasswordAuthentication no
    PasswordAuthentication no
    PasswordAuthentication no
    Port 22

Note: I saw this behaviour before: the OpenSSH technique adds options multiple times, which most times is harmless, but ugly.

Actions #1

Updated by Vincent MEMBRÉ about 11 years ago

  • Category set to Techniques
  • Status changed from New to 8
  • Assignee set to Matthieu CERDA
  • Priority changed from N/A to 1 (highest)

Thank you Dennis for reporting!

Which version of the technique are you using? 2.0 or 3.0?

And which version of Enforce file content?

Maybe the two of them are conflicting...

Matthieu, can you look into this?

Actions #2

Updated by Dennis Cabooter about 11 years ago

I use the OpenSSH server version 2.0 Technique and the Enforce a file content version 3.2 Technique.

I think the OpenSSH server technique has more issues; it adds some directives multiple times and sometimes the file is edited on a node and sometimes it's overwritten (I strongly prefer the latest).

Actions #3

Updated by Jonathan CLARKE almost 11 years ago

  • Assignee changed from Matthieu CERDA to Nicolas CHARLES

Nico, can you look into this when you get a chance?

Actions #4

Updated by Nicolas CHARLES almost 11 years ago

  • Status changed from 8 to Discussion
  • Assignee changed from Nicolas CHARLES to Dennis Cabooter

Dennis,

I'm afraid this is the expected behaviour with the current version of the Techniques, as you have two conflicting configurations:
- one to set PasswordAuthentication no (the OpenSSH directive)
- one to set PasswordAuthentication yes (enforce a file content)

Apparently, the second directive applies first, adding the line (it is not there), while the first one replaces all the lines PasswordAuthentication.* with PasswordAuthentication no.

What we could do is to modify the OpenSSH technique to replace content only before the Match .*
Do you know if there are other end sections than Match that can exist in the OpenSSH config file?
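
Added example, not part of the ticket and not Rudder's technique code: a sketch of the scoped edit proposed in the comment above, which rewrites a directive only in the global section before the first Match line, collapses duplicates there, and leaves Match blocks untouched. The function name `enforce_global` and the sample file are constructed for illustration; it relies on sshd_config's rule that a Match block runs until the next Match line or the end of the file.

```python
import re

# A Match line opens a conditional block that extends to the next Match or EOF.
MATCH_RE = re.compile(r"^\s*Match\s", re.IGNORECASE)

# Constructed sample: duplicated global directive plus a per-user override.
SAMPLE = (
    "Port 22\n"
    "PasswordAuthentication yes\n"
    "PasswordAuthentication yes\n"
    "Match User foobar\n"
    "    PasswordAuthentication yes\n"
)

def enforce_global(text, key, value):
    """Set `key value` once in the global section; never touch Match blocks."""
    lines = text.splitlines()
    # Index of the first Match line, or end of file when there is none.
    first_match = next(
        (i for i, line in enumerate(lines) if MATCH_RE.match(line)), len(lines)
    )
    # Uncommented occurrences of the keyword (separator is whitespace or '=').
    key_re = re.compile(r"^\s*%s[\s=]" % re.escape(key), re.IGNORECASE)
    out, seen = [], False
    for line in lines[:first_match]:
        if key_re.match(line):
            if not seen:
                out.append("%s %s" % (key, value))
                seen = True
            continue  # drop duplicate global occurrences
        out.append(line)
    if not seen:
        # Append inside the global section, i.e. before the first Match line.
        out.append("%s %s" % (key, value))
    return "\n".join(out + lines[first_match:]) + "\n"

if __name__ == "__main__":
    once = enforce_global(SAMPLE, "PasswordAuthentication", "no")
    print(once, end="")
    # Re-running on its own output must not change the file again.
    print("idempotent:", enforce_global(once, "PasswordAuthentication", "no") == once)
```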

Actions #5

Updated by Benoît PECCATTE over 9 years ago

  • Assignee deleted (Dennis Cabooter)
Actions #6

Updated by Benoît PECCATTE over 8 years ago

  • Target version set to 2.11.21
Actions #7

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.21 to 2.11.22
Actions #8

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.22 to 2.11.23
Actions #9

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.23 to 2.11.24
Actions #10

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 2.11.24 to 308
Actions #11

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 308 to 3.1.14
Actions #12

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.14 to 3.1.15
Actions #13

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.15 to 3.1.16
Actions #14

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.16 to 3.1.17
Actions #15

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.1.17 to 3.1.18
Actions #16

Updated by Vincent MEMBRÉ almost 8 years ago

  • Target version changed from 3.1.18 to 3.1.19
Actions #17

Updated by Benoît PECCATTE almost 8 years ago

  • Tracker changed from Bug to User story
  • Subject changed from OpenSSH technique is not consequent to Extend OpenSSH technique
Actions #18

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.19 to 3.1.20
Actions #19

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.20 to 3.1.21
Actions #20

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.21 to 3.1.22
Actions #21

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.22 to 3.1.23
Actions #22

Updated by Vincent MEMBRÉ over 7 years ago

  • Target version changed from 3.1.23 to 3.1.24
Actions #23

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 3.1.24 to 3.1.25
Actions #24

Updated by Benoît PECCATTE about 7 years ago

  • Target version changed from 3.1.25 to 4.1.9
Actions #25

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 4.1.9 to 4.1.10
Actions #26

Updated by Benoît PECCATTE almost 7 years ago

  • Target version changed from 4.1.10 to Ideas (not version specific)
Actions #27

Updated by Alexis Mousset almost 3 years ago

This won’t be added to that technique, please use the technique editor for that. If you are missing some capabilities in it, please open a ticket for that need.

Actions #28

Updated by Alexis Mousset almost 3 years ago

  • Status changed from Discussion to Rejected