Kaynağa Gözat

Added AllowUsers,AllowGroups,DenyUsers,DenyGroups

This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
tags/v0.41.0
Niels Abspoel 10 yıl önce
ebeveyn
işleme
33ee945557
2 değiştirilmiş dosya ile 21 ekleme ve 0 silme
  1. +19
    -0
      openssh/files/sshd_config
  2. +2
    -0
      pillar.example

+ 19
- 0
openssh/files/sshd_config Dosyayı Görüntüle

@@ -137,6 +137,25 @@
# DNS resolve and map remote IP addresses
{{ option('UseDNS', 'yes') }}

# Restricting Users and Hosts
# example:
# AllowUsers vader@10.0.0.1 maul@sproing.evil.com luke
# AllowGroups wheel staff
#
# Keep in mind that using AllowUsers or AllowGroups means that anyone
# not Matching one of the supplied patterns will be denied access by default.
# Also, in order for sshd to allow access based on full or partial hostnames it
# needs to to a DNS lookup
#
# DenyUsers
{{ option('DenyUsers', '') }}
# AllowUsers
{{ option('AllowUsers', '') }}
# DenyGroups
{{ option('DenyGroups', '') }}
# AllowGroups
{{ option('AllowGroups', '') }}

{# Handling unknown in salt template options #}
{%- for keyword in sshd_config.keys() %}
{#- Matches have to be at the bottem and should be handled differently -#}

+ 2
- 0
pillar.example Dosyayı Görüntüle

@@ -32,6 +32,8 @@ sshd_config:
Subsystem: "sftp /usr/lib/openssh/sftp-server"
UsePAM: 'yes'
UseDNS: 'yes'
AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'
AllowGroups: 'wheel staff'
matches:
sftp_chroot:
type:

Yükleniyor…
İptal
Kaydet