Pārlūkot izejas kodu

Made host key algos configurable; dropped DSA

tags/v0.41.0
Alexander Weidinger pirms 5 gadiem
vecāks
revīzija
4b84dead8e
2 mainītis faili ar 5 papildinājumiem un 1 dzēšanām
  1. +1
    -1
      openssh/config.sls
  2. +4
    -0
      openssh/defaults.yaml

+ 1
- 1
openssh/config.sls Parādīt failu

@@ -36,7 +36,7 @@ ssh_config:
{%- endif %}
{% endif %}

{%- for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
{%- for keyType in openssh['host_key_algos'].split(',') %}
{%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
{%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
{%- if salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}

+ 4
- 0
openssh/defaults.yaml Parādīt failu

@@ -19,6 +19,10 @@ openssh:
dig_pkg: dnsutils
ssh_moduli: /etc/ssh/moduli
root_group: root
# Prevent merge of array; always override values
host_key_algos: ecdsa,ed25519,rsa
# To manage/remove DSA:
#host_key_algos: dsa,ecdsa,ed25519,rsa

sshd_config: {}
ssh_config: {}

Notiek ielāde…
Atcelt
Saglabāt