Browse Source
Merge remote-tracking branch 'origin/pr/3'
Conflicts: openssh/files/sshd_config openssh/init.sls pillar.exampletags/v0.41.0
Seth House
10 years ago
3 changed files with 94 additions and 2 deletions
+ 39
- 1
openssh/files/sshd_config
View File
| @@ -102,4 +102,42 @@ | |||
| # If you just want the PAM account and session checks to run without | |||
| # PAM authentication, then enable this but set PasswordAuthentication | |||
| # and ChallengeResponseAuthentication to 'no'. | |||
| #UsePAM yes | |||
| UsePAM yes | |||
| #AllowAgentForwarding yes | |||
| #AllowTcpForwarding yes | |||
| #GatewayPorts no | |||
| X11Forwarding yes | |||
| #X11DisplayOffset 10 | |||
| #X11UseLocalhost yes | |||
| PrintMotd no # pam does that | |||
| #PrintLastLog yes | |||
| #TCPKeepAlive yes | |||
| #UseLogin no | |||
| {% if grains['os_family'] == 'RedHat' %} | |||
| UsePrivilegeSeparation yes # RedHat/Centos 6.4 and earlier currently ship 5.3 (sandbox introduced in OpenSSH 5.9) | |||
| {% else %} | |||
| UsePrivilegeSeparation sandbox # Default for new installations. | |||
| {% endif %} | |||
| #PermitUserEnvironment no | |||
| #Compression delayed | |||
| #ClientAliveInterval 0 | |||
| #ClientAliveCountMax 3 | |||
| #UseDNS yes | |||
| #PidFile /run/sshd.pid | |||
| #MaxStartups 10:30:100 | |||
| #PermitTunnel no | |||
| #ChrootDirectory none | |||
| #VersionAddendum none | |||
| # no default banner path | |||
| Banner /etc/ssh/banner | |||
| # override default of no subsystems | |||
| Subsystem sftp /usr/lib/ssh/sftp-server | |||
| # Example of overriding settings on a per-user basis | |||
| #Match User anoncvs | |||
| # X11Forwarding no | |||
| # AllowTcpForwarding no | |||
| # ForceCommand cvs server | |||
+ 39
- 0
openssh/init.sls
View File
| @@ -8,4 +8,43 @@ openssh: | |||
| - name: {{ openssh.service }} | |||
| - require: | |||
| - pkg: {{ openssh.server }} | |||
| {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %} | |||
| - file: /etc/ssh/ssh_host_dsa_key | |||
| - file: /etc/ssh/ssh_host_dsa_key.pub | |||
| {% endif %} | |||
| {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %} | |||
| - file: /etc/ssh/ssh_host_rsa_key | |||
| - file: /etc/ssh/ssh_host_rsa_key.pub | |||
| {% endif %} | |||
| {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %} | |||
| ssh_host_dsa_key: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_dsa_key | |||
| - contents_pillar: 'openssh:dsa:private_key' | |||
| - user: root | |||
| - mode: 600 | |||
| ssh_host_dsa_key.pub: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_dsa_key.pub | |||
| - contents_pillar: 'openssh:dsa:public_key' | |||
| - user: root | |||
| - mode: 600 | |||
| {% endif %} | |||
| {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %} | |||
| ssh_host_rsa_key: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_rsa_key | |||
| - contents_pillar: 'openssh:rsa:private_key' | |||
| - user: root | |||
| - mode: 600 | |||
| ssh_host_rsa_key.pub: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_rsa_key.pub | |||
| - contents_pillar: 'openssh:rsa:public_key' | |||
| - user: root | |||
| - mode: 600 | |||
| {% endif %} | |||
+ 16
- 1
pillar.example
View File
| @@ -40,4 +40,19 @@ openssh: | |||
| present: False | |||
| enc: ssh-rsa | |||
| comment: obsolete key - removed | |||
| dsa: | |||
| private_key: | | |||
| -----BEGIN DSA PRIVATE KEY----- | |||
| NOT_DEFINED | |||
| -----END DSA PRIVATE KEY----- | |||
| public_key: | | |||
| ssh-dss NOT_DEFINED | |||
| provide_dsa_keys: False | |||
| provide_rsa_keys: False | |||
| rsa: | |||
| private_key: | | |||
| -----BEGIN RSA PRIVATE KEY----- | |||
| NOT_DEFINED | |||
| -----END RSA PRIVATE KEY----- | |||
| public_key: | | |||
| ssh-rsa NOT_DEFINED | |||
Loading…