From 65a9cbbcf2ea46647b53eb1d1d4ebd7a3de26e8c Mon Sep 17 00:00:00 2001 From: Mischa ter Smitten Date: Mon, 11 Mar 2024 13:40:55 +0100 Subject: [PATCH 1/2] Add support for AuthorizedKeysCommand and AuthorizedKeysCommandUser --- README.md | 5 ++--- templates/etc/ssh/sshd_config.j2 | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index da9fbb8..0960111 100644 --- a/README.md +++ b/README.md @@ -62,9 +62,8 @@ None * `ssh_server_allow_users`: [default: `[]`]: A list of user name patterns. If specified, login is allowed only for user names that match one of the patterns * `ssh_server_deny_groups`: [default: `[]`]: A list of group name patterns. If specified, login is disallowed for users whose primary group or supplementary group list matches one of the patterns * `ssh_server_deny_users`: [default: `[]`]: A list of user name patterns. If specified, login is disallowed for user names that match one of the patterns -* `ssh_server_autorized_keys_command`: [default: ]: Specifies a program to be used to look up the user's public keys. -* `ssh_server_autorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the AuthorizedKeysCommand is run - +* `ssh_server_autorized_keys_command`: [optional]: Specifies a program to be used to look up the user's public keys +* `ssh_server_autorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the `AuthorizedKeysCommand` is run ## Dependencies diff --git a/templates/etc/ssh/sshd_config.j2 b/templates/etc/ssh/sshd_config.j2 index 9824063..d151e62 100644 --- a/templates/etc/ssh/sshd_config.j2 +++ b/templates/etc/ssh/sshd_config.j2 
@@ -47,7 +47,6 @@ AuthorizedKeysCommand {{ ssh_server_autorized_keys_command }} AuthorizedKeysCommandUser {{ ssh_server_autorized_keys_command_user }} {% endif %} - # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts {{ ssh_server_ignore_rhosts | bool | ternary('yes', 'no') }} {% if ssh_server_version is version('7.4', '<') %} From 787548ed0347c9ba714dd4353f10debd41116972 Mon Sep 17 00:00:00 2001 From: Mischa ter Smitten Date: Mon, 11 Mar 2024 13:54:51 +0100 Subject: [PATCH 2/2] Fix typo's --- README.md | 4 ++-- templates/etc/ssh/sshd_config.j2 | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0960111..3970ea0 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,8 @@ None * `ssh_server_allow_users`: [default: `[]`]: A list of user name patterns. If specified, login is allowed only for user names that match one of the patterns * `ssh_server_deny_groups`: [default: `[]`]: A list of group name patterns. If specified, login is disallowed for users whose primary group or supplementary group list matches one of the patterns * `ssh_server_deny_users`: [default: `[]`]: A list of user name patterns. If specified, login is disallowed for user names that match one of the patterns -* `ssh_server_autorized_keys_command`: [optional]: Specifies a program to be used to look up the user's public keys -* `ssh_server_autorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the `AuthorizedKeysCommand` is run +* `ssh_server_authorized_keys_command`: [optional]: Specifies a program to be used to look up the user's public keys +* `ssh_server_authorized_keys_command_user`: [default: `nobody`]: Specifies the user under whose account the `AuthorizedKeysCommand` is run ## Dependencies diff --git a/templates/etc/ssh/sshd_config.j2 b/templates/etc/ssh/sshd_config.j2 index d151e62..bacc9ef 100644 --- a/templates/etc/ssh/sshd_config.j2 +++ b/templates/etc/ssh/sshd_config.j2 
@@ -42,9 +42,9 @@ RSAAuthentication {{ ssh_server_rsa_authentication | bool | ternary('yes', 'no') PubkeyAuthentication {{ ssh_server_pubkey_authentication | bool | ternary('yes', 'no') }} AuthorizedKeysFile {{ ssh_server_authorized_keys_file }} -{% if ssh_server_autorized_keys_command is defined %} -AuthorizedKeysCommand {{ ssh_server_autorized_keys_command }} -AuthorizedKeysCommandUser {{ ssh_server_autorized_keys_command_user }} +{% if ssh_server_authorized_keys_command is defined %} +AuthorizedKeysCommand {{ ssh_server_authorized_keys_command }} +AuthorizedKeysCommandUser {{ ssh_server_authorized_keys_command_user }} {% endif %} # Don't read the user's ~/.rhosts and ~/.shosts files
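Review bot: The corrected guard `{% if ssh_server_authorized_keys_command is defined %}` no longer matches inventories that still set the old spelling `ssh_server_autorized_keys_command`. For those hosts both `AuthorizedKeysCommand*` lines drop out of the rendered sshd_config without any error, and key lookup falls back to `AuthorizedKeysFile` alone. If the misspelled name was ever released, accept it for a deprecation period, for example `{% set akc = ssh_server_authorized_keys_command | default(ssh_server_autorized_keys_command | default('')) %}` followed by `{% if akc %}`, and render `AuthorizedKeysCommand {{ akc }}`. Testing truthiness instead of `is defined` also avoids emitting a bare `AuthorizedKeysCommand` line when the variable is set to an empty string. Separately, the documented default of `nobody` for `AuthorizedKeysCommandUser` is worth revisiting, since sshd_config(5) recommends a dedicated account with no other role on the host.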