I have had good luck with this Forge module. 

https://forge.puppet.com/saz/ssh

Try it out and see if it meets your needs. 
And, absolutely use Hiera.  Just set up a hierarchy that includes a node level, 
and your node-specific settings are handled. 

"Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us."
Bill Watterson (Calvin & Hobbes)

> On Jan 8, 2020, at 8:28 AM, Dan Crisp <djc7...@gmail.com> wrote:
> 
> 
> Hi,
> 
> I'm looking for some advice on a best approach on a topic that I'm nowhere 
> near an expert in.  Should the following be dealt with via a template, Hiera 
> or something else?
> 
> Our goal is to deploy a standard SSH configuration across all servers, albeit 
> with some minor alterations to a handful.  All of our servers have the following 
> line:
> 
> ListenAddress xx.xx.xx
> 
> No problem there; I can alter this simply enough on a per-server/per-IP basis.
> 
> The advice I'm looking for is how to handle the following scenario.  In some 
> cases, we allow password-less SSH access between servers via the following:
> 
> Match Address xx.xx.xx.xx
>  PermitRootLogin without-password
> 
> However in all instances where we declare the above, all IP addresses are 
> different.  For example: 
> 
> Server A:
>   Allows access from Server B via:
>    Match Address Server B IP ADDR
>    PermitRootLogin without-password
> 
> Server B:
>   Allows access from Server A via:
>    Match Address Server A IP ADDR
>    PermitRootLogin without-password
> 
> Is this achievable?  Looking forward to any advice that can help me out here.
> 
> Thanks
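
Added example, not part of the original thread or the module's own documentation: one way the Server A / Server B scenario could be laid out as Hiera data for the `ssh::server_options` hash of the saz/ssh module, with a node level above a common level. The file paths, host names and 192.0.2.x addresses are constructed placeholders, the `PermitRootLogin: 'no'` baseline is an assumption, and the block assumes the module renders a nested `Match ...` key as a Match block.

```yaml
# hiera.yaml (Hiera 5). Node level sits above common; paths are assumptions.
---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"
    path: "nodes/%{trusted.certname}.yaml"
  - name: "Common data"
    path: "common.yaml"

# data/common.yaml: baseline applied to every server.
---
lookup_options:
  ssh::server_options:
    merge: deep            # merge node-level keys into the baseline instead of replacing it
ssh::server_options:
  PermitRootLogin: 'no'    # assumed baseline: root login is closed unless a Match block opens it

# data/nodes/server-a.example.com.yaml (constructed host name and addresses)
---
ssh::server_options:
  ListenAddress: '192.0.2.10'          # Server A's own address
  'Match Address 192.0.2.20':          # Server B's address
    # value taken from the thread; OpenSSH 7.0+ also accepts the
    # clearer synonym 'prohibit-password' (key-based root login only)
    PermitRootLogin: 'without-password'

# data/nodes/server-b.example.com.yaml (constructed host name and addresses)
---
ssh::server_options:
  ListenAddress: '192.0.2.20'          # Server B's own address
  'Match Address 192.0.2.10':          # Server A's address
    PermitRootLogin: 'without-password'
```

After a Puppet run, `sshd -T -C addr=192.0.2.20,user=root` on Server A prints the effective settings for a connection from Server B, which confirms that the root-login exception applies only to the matched address.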

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/BEBF0F92-2CF0-4192-AAAE-DB7101037199%40icloud.com.
