Browse Source
Merge pull request #8 from carlosperello/master
Allow to manage ssh certificates from pillar definitionstags/v0.41.0
Joseph Hall
11 years ago
4 changed files with 70 additions and 8 deletions
+ 1
- 1
LICENSE
View File
| Copyright (c) 2013 Salt Stack Formulas | |||||
| Copyright (c) 2013-2014 Salt Stack Formulas | |||||
| Licensed under the Apache License, Version 2.0 (the "License"); | Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| you may not use this file except in compliance with the License. | you may not use this file except in compliance with the License. |
+ 13
- 7
README.rst
View File
| Installs the ``openssh`` server package and service. | Installs the ``openssh`` server package and service. | ||||
| ``openssh.config`` | |||||
| ``openssh.auth`` | |||||
| ----------- | |||||
| Manages SSH certificates for users. | |||||
| ``openssh.banner`` | |||||
| ------------------ | ------------------ | ||||
| Installs the ssh daemon configuration file included in this formula | |||||
| (under "openssh/files"). This configuration file is populated | |||||
| by values from pillar. ``pillar.example`` results in the generation | |||||
| of the default ``sshd_config`` file on Debian Wheezy. | |||||
| Installs a banner that users see when SSH-ing in. | |||||
| ``openssh.client`` | ``openssh.client`` | ||||
| ------------------ | ------------------ | ||||
| Installs the openssh client package. | Installs the openssh client package. | ||||
| ``openssh.banner`` | |||||
| ``openssh.config`` | |||||
| ------------------ | ------------------ | ||||
| Installs a banner that users see when SSH-ing in. | |||||
| Installs the ssh daemon configuration file included in this formula | |||||
| (under "openssh/files"). This configuration file is populated | |||||
| by values from pillar. ``pillar.example`` results in the generation | |||||
| of the default ``sshd_config`` file on Debian Wheezy. | |||||
+ 43
- 0
openssh/auth.sls
View File
| include: | |||||
| - openssh | |||||
| {% from "openssh/map.jinja" import openssh with context %} | |||||
| {% set openssh_pillar = pillar.get('openssh', {}) %} | |||||
| {% set auth = openssh_pillar.get('auth', {}) %} | |||||
| {% for user,keys in auth.items() -%} | |||||
| {% for key in keys -%} | |||||
| {% if 'present' in key and key['present'] %} | |||||
| {{ key['name'] }}: | |||||
| ssh_auth.present: | |||||
| - user: {{ user }} | |||||
| {% if 'source' in key %} | |||||
| - source: {{ key['source'] }} | |||||
| {% else %} | |||||
| {% if 'enc' in key %} | |||||
| - enc: {{ key['enc'] }} | |||||
| {% endif %} | |||||
| {% if 'comment' in key %} | |||||
| - comment: {{ key['comment'] }} | |||||
| {% endif %} | |||||
| {% if 'options' in key %} | |||||
| - options: {{ key['options'] }} | |||||
| {% endif %} | |||||
| {% endif %} | |||||
| - require: | |||||
| - service: {{ openssh.service }} | |||||
| {% else %} | |||||
| {{ key['name'] }}: | |||||
| ssh_auth.absent: | |||||
| - user: {{ user }} | |||||
| {% if 'enc' in key %} | |||||
| - enc: {{ key['enc'] }} | |||||
| {% endif %} | |||||
| {% if 'comment' in key %} | |||||
| - comment: {{ key['comment'] }} | |||||
| {% endif %} | |||||
| {% if 'options' in key %} | |||||
| - options: {{ key['options'] }} | |||||
| {% endif %} | |||||
| {% endif %} | |||||
| {% endfor %} | |||||
| {% endfor %} |
+ 13
- 0
pillar.example
View File
| AcceptEnv: "LANG LC_*" | AcceptEnv: "LANG LC_*" | ||||
| Subsystem: "sftp /usr/lib/openssh/sftp-server" | Subsystem: "sftp /usr/lib/openssh/sftp-server" | ||||
| UsePAM: yes | UsePAM: yes | ||||
| openssh: | |||||
| auth: | |||||
| joe: | |||||
| - name: JOE_VALID_SSH_PUBLIC_KEY | |||||
| present: True | |||||
| enc: ssh-rsa | |||||
| comment: main key | |||||
| - name: JOE_NON_VALID_SSH_PUBLIC_KEY | |||||
| present: False | |||||
| enc: ssh-rsa | |||||
| comment: obsolete key - removed | |||||
Loading…