nterupt
11 years ago
3 changed files with 69 additions and 0 deletions
+ 4
- 0
openssh/files/sshd_config
View File
| @@ -102,7 +102,11 @@ PrintMotd no # pam does that | |||
| #PrintLastLog yes | |||
| #TCPKeepAlive yes | |||
| #UseLogin no | |||
| {% if grains['os_family'] == 'RedHat' %} | |||
| UsePrivilegeSeparation yes # RedHat/Centos 6.4 and earlier currently ship 5.3 (sandbox introduced in OpenSSH 5.9) | |||
| {% else %} | |||
| UsePrivilegeSeparation sandbox # Default for new installations. | |||
| {% endif %} | |||
| #PermitUserEnvironment no | |||
| #Compression delayed | |||
| #ClientAliveInterval 0 | |||
+ 47
- 0
openssh/init.sls
View File
| @@ -6,20 +6,67 @@ openssh: | |||
| {% endif %} | |||
| service.running: | |||
| - enable: True | |||
| {% if grains['os_family'] == 'RedHat' %} | |||
| - name: sshd | |||
| {% else %} | |||
| - name: ssh | |||
| {% endif %} | |||
| - require: | |||
| - pkg: openssh | |||
| - file: sshd_banner | |||
| - watch: | |||
| - file: sshd_config | |||
| {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %} | |||
| - file: /etc/ssh/ssh_host_dsa_key | |||
| - file: /etc/ssh/ssh_host_dsa_key.pub | |||
| {% endif %} | |||
| {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %} | |||
| - file: /etc/ssh/ssh_host_rsa_key | |||
| - file: /etc/ssh/ssh_host_rsa_key.pub | |||
| {% endif %} | |||
| sshd_config: | |||
| file.managed: | |||
| - name: /etc/ssh/sshd_config | |||
| - source: salt://openssh/files/sshd_config | |||
| - template: jinja | |||
| - user: root | |||
| - mode: 600 | |||
| sshd_banner: | |||
| file.managed: | |||
| - name: /etc/ssh/banner | |||
| - source: salt://openssh/files/banner | |||
| - template: jinja | |||
| {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %} | |||
| ssh_host_dsa_key: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_dsa_key | |||
| - contents_pillar: 'openssh:dsa:private_key' | |||
| - user: root | |||
| - mode: 600 | |||
| ssh_host_dsa_key.pub: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_dsa_key.pub | |||
| - contents_pillar: 'openssh:dsa:public_key' | |||
| - user: root | |||
| - mode: 600 | |||
| {% endif %} | |||
| {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %} | |||
| ssh_host_rsa_key: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_rsa_key | |||
| - contents_pillar: 'openssh:rsa:private_key' | |||
| - user: root | |||
| - mode: 600 | |||
| ssh_host_rsa_key.pub: | |||
| file.managed: | |||
| - name: /etc/ssh/ssh_host_rsa_key.pub | |||
| - contents_pillar: 'openssh:rsa:public_key' | |||
| - user: root | |||
| - mode: 600 | |||
| {% endif %} | |||
+ 18
- 0
pillar.example
View File
| @@ -0,0 +1,18 @@ | |||
| #``openssh`` formula configuration: | |||
| openssh: | |||
| dsa: | |||
| private_key: | | |||
| -----BEGIN DSA PRIVATE KEY----- | |||
| NOT_DEFINED | |||
| -----END DSA PRIVATE KEY----- | |||
| public_key: | | |||
| ssh-dss NOT_DEFINED | |||
| provide_dsa_keys: False | |||
| provide_rsa_keys: False | |||
| rsa: | |||
| private_key: | | |||
| -----BEGIN RSA PRIVATE KEY----- | |||
| NOT_DEFINED | |||
| -----END RSA PRIVATE KEY----- | |||
| public_key: | | |||
| ssh-rsa NOT_DEFINED | |||
Loading…