11 years ago · e2cddca13e
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
 {% set openssh_pillar = pillar.get('openssh', {}) %}
 {% set sshd_config = openssh_pillar.get('sshd_config', {}) %}
 {% set sshd_config = pillar.get('sshd_config', {}) %}
 # This file is managed by salt. Manual changes risk being overwritten.
 # The contents of the original sshd_config are kept on the bottom for
--- a/pillar.example
+++ b/pillar.example
 openssh:
  sshd_config:
    Port: 22
    Protocol: 2
    HostKey:
      - /etc/ssh/ssh_host_rsa_key
      - /etc/ssh/ssh_host_dsa_key
      - /etc/ssh/ssh_host_ecdsa_key
    UsePrivilegeSeparation: yes
    KeyRegenerationInterval: 3600
    ServerKeyBits: 768
    SyslogFacility: AUTH
    LogLevel: INFO
    LoginGraceTime: 120
    PermitRootLogin: yes
    StrictModes: yes
    RSAAuthentication: yes
    PubkeyAuthentication: yes
    IgnoreRhosts: yes
    RhostsRSAAuthentication: no
    HostbasedAuthentication: no
    PermitEmptyPasswords: no
    ChallengeResponseAuthentication: no
    X11Forwarding: yes
    X11DisplayOffset: 10
    PrintMotd: no
    PrintLastLog: yes
    TCPKeepAlive: yes
    AcceptEnv: "LANG LC_*"
    Subsystem: "sftp /usr/lib/openssh/sftp-server"
    UsePAM: yes
 sshd_config:
  Port: 22
  Protocol: 2
  HostKey:
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_dsa_key
    - /etc/ssh/ssh_host_ecdsa_key
  UsePrivilegeSeparation: yes
  KeyRegenerationInterval: 3600
  ServerKeyBits: 768
  SyslogFacility: AUTH
  LogLevel: INFO
  LoginGraceTime: 120
  PermitRootLogin: yes
  StrictModes: yes
  RSAAuthentication: yes
  PubkeyAuthentication: yes
  IgnoreRhosts: yes
  RhostsRSAAuthentication: no
  HostbasedAuthentication: no
  PermitEmptyPasswords: no
  ChallengeResponseAuthentication: no
  X11Forwarding: yes
  X11DisplayOffset: 10
  PrintMotd: no
  PrintLastLog: yes
  TCPKeepAlive: yes
  AcceptEnv: "LANG LC_*"
  Subsystem: "sftp /usr/lib/openssh/sftp-server"
  UsePAM: yes
 openssh:
  auth:
    joe:
      - name: JOE_VALID_SSH_PUBLIC_KEY