
Managing OpenSsh configuration with cme

Dominique Dumont edited this page May 16, 2021 · 4 revisions

This page explains how to use cme to manage OpenSsh configuration.

cme provides:

  • a configuration checker for OpenSsh configuration files
  • a graphical configuration editor for OpenSsh configuration files. This interface also provides integrated documentation for all OpenSsh configuration parameters.

cme supports user ssh configuration (i.e. ~/.ssh/config) or system sshd configuration (i.e. /etc/ssh/sshd_config).

Installation

Debian/Ubuntu

On Debian/Ubuntu:

apt-get install cme libconfig-model-openssh-perl

To get the optional graphical interface, add:

apt-get install libconfig-model-tkui-perl

Others

Run:

cpanm App::Cme
cpanm Config::Model::OpenSsh
cpanm Config::Model::TkUI

Convention of version number

To help people understand which version of OpenSsh is supported, the Config::Model::OpenSsh version number includes the supported version of OpenSsh.

The convention is:

<major_version>.<OpenSshVersion>.<minor version>

For instance, Config::Model::OpenSsh version 2.8.4.3 means:

  • major version is 2
  • supported version of OpenSsh is 8.4
  • minor version is 3
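
This convention makes it possible to check whether the installed model was written for the OpenSsh release that is actually installed. The shell functions below are an added example, not code from cme or Config::Model::OpenSsh; the function names are made up for this example, and the model version and the `ssh -V` banner are passed in as strings.

```shell
#!/bin/sh
# Added example: compare the OpenSsh release encoded in a
# Config::Model::OpenSsh version with the release reported by `ssh -V`.

# Print the OpenSsh release (e.g. 8.4) embedded in a model version of the
# form <major>.<OpenSshMajor>.<OpenSshMinor>.<minor>. Returns 1 otherwise.
model_openssh_release() {
    mv=${1%%-*}                       # drop a package revision such as "-1"
    case "$mv" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $mv                        # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    printf '%s.%s\n' "$2" "$3"
}

# Print the release (e.g. 8.4) from an `ssh -V` banner such as
# "OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k". Returns 1 if not recognised.
installed_openssh_release() {
    rel=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[A-Za-z_]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$rel" ] || return 1
    printf '%s\n' "$rel"
}

# Exit status: 0 = same release, 1 = different release, 2 = unparsable input.
check_model_against_ssh() {
    model=$(model_openssh_release "$1") || { echo "unknown"; return 2; }
    inst=$(installed_openssh_release "$2") || { echo "unknown"; return 2; }
    if [ "$model" = "$inst" ]; then
        echo "match $model"
        return 0
    fi
    echo "mismatch model=$model installed=$inst"
    return 1
}

# Stand-alone use: sh check.sh 2.8.4.3 "$(ssh -V 2>&1)"
if [ "$#" -eq 2 ]; then
    check_model_against_ssh "$1" "$2"
fi
```

A mismatch only means the model describes a different OpenSsh release than the one installed, so results from cme check should be read with that in mind.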

Usage

Checking your configuration

Simply run cme check ssh:

$ cme check ssh
cme: using Ssh model
loading data
checking data
check done

This command can also be run as root to check /root/.ssh/config.

If you want to check /etc/ssh/ssh_config, you must run sudo cme check system-ssh:

$ sudo cme check system-ssh
cme: using SystemSsh model
loading data
checking data
check done

Likewise, /etc/ssh/sshd_config can be edited with:

sudo cme edit sshd 

The edit, modify and shell commands described below can be applied the same way to system-ssh or sshd.

Editing your configuration with a graphical interface

Once you run cme edit ssh, you see a window like the one below. Most of your configuration is probably in the Host section. This section can be opened by clicking on the (+) sign beside "Host".

TkUI main screenshot

Since ssh features a lot of options, you may want to click on the show only custom values button (top right) to hide unmodified configuration values. In the example below, the following clicks were made:

  1. on show only custom values button to hide unmodified values
  2. on Host (+) to open the list of configured hosts
  3. on the (+) sign of gandalf and gandalf-free to view the setup of these 2 hosts.

The green arrow means that the value is different from the default value. For instance, for host gandalf, ForwardAgent is set to yes.

TkUI main custom values

To change a value (for instance ForwardX11Trusted), you can:

  • double-click on ForwardX11Trusted
  • click on the new checkbox on top right (or click back to default button)
  • click on store button

TkUI main edit value

Once this is done, you need to save the changes to the configuration by clicking on the File->save menu.

Edit configuration with a shell-like interface

If you have trouble running the graphical interface, you can use a shell-like interface by running the cme shell ssh command:

$ cme shell ssh
 >:$ cd Host:gandalf
 >: Host:gandalf $ ll Forward*
name              │ type    │ value  
──────────────────┼─────────┼────────
ForwardAgent      │ boolean │ yes    
ForwardX11        │ boolean │ yes    
ForwardX11Timeout │ integer │ [undef]
ForwardX11Trusted │ boolean │ yes    

 >: Host:gandalf $ set ForwardX11Trusted=no
 >: Host:gandalf $ ll Forward*
name              │ type    │ value  
──────────────────┼─────────┼────────
ForwardAgent      │ boolean │ yes    
ForwardX11        │ boolean │ yes    
ForwardX11Timeout │ integer │ [undef]
ForwardX11Trusted │ boolean │ no     

 >: Host:gandalf $ changes
Host:gandalf ForwardX11Trusted: 'yes' -> 'no'
 >: Host:gandalf $ quit


Changes applied to ssh configuration:
- Host:gandalf ForwardX11Trusted: 'yes' -> 'no'

write back data before exit ? (Y/n)y

For more details, see the documentation on available commands.

Common tasks with cme command line

Upgrade your ssh configuration

You can migrate your old ssh configuration file (~/.ssh/config) with the following command:

cme migrate ssh

Note: migration is quite simple: it drops old parameters that are now ignored by ssh (e.g. UseRsh and FallBackToRsh).

Upgrade your sshd configuration

You can migrate your old sshd configuration file (/etc/ssh/sshd_config) with the following command:

sudo cme migrate sshd

This command migrates

Modification of configuration

You can use the modify subcommand of cme to perform a similar task on the command line. For instance:

$ cme modify ssh Host:gandalf ForwardX11Trusted=0
cme: using Ssh model

Changes applied to ssh configuration:
- Host:gandalf ForwardX11Trusted: '1' -> '0'

The command used after ssh follows the syntax described in Config::Model::Loader documentation.

More information