Imran Iqbal
f6dbca3352
fix: complete PR #164
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
5 years ago
nb
a47596f15a
feat(TOFS): ssh sshd configs known_host and banner
5 years ago
alxwr
d9653889fa
removed deprecated options (#150)
5 years ago
reschl
ffafd2a2f5
Support package versions (#134)
added possibility to configure server version and client version
with pillar example
6 years ago
Philippe Grégoire
7cfc9f5a04
Hint at `Host` support for `ssh_config` (#133)
The `ssh_config` state supports generating `Host` sections, but it is
buried in the source. By default, options are simply dumped in the
configuration file; without any `Host` directive.
This patch hints (and, actually, encourages) users to use `Host`
sections by updating the pillar example to use the `Hosts` directive
with the `*` pattern.
6 years ago
alxwr
aa3da8f2c2
Pillar openssh.known_hosts_salt_ssh (#128)
* Pillar openssh.known_hosts_salt_ssh
* Dropped ill-named file
* Fixed aliasing of host names
* Improved pillar.example
* Opt-in to include localhost
* pillar/known_hosts_salt_ssh: clear cache in run()
* Dropped forgotten debugging output
6 years ago
Florian Ermisch
bf9b9a335c
Add `openssh:known_hosts:static` to README and pillar.example
6 years ago
Mario Fritschen
e665450ed4
Changed expr_form to tgt_type for deprecation reasons. (#122)
7 years ago
alxwr
5e3368afcb
drop default values (fixes #102) (#117)
* drop default values (fixes #102)
* hmac-ripemd160 was dropped in 7.6
7 years ago
Niels Abspoel
9cdb9aaba0
improve allow_deny_users_groups
7 years ago
Alexander Weidinger
e523ae5281
Optionally add hostnames to known_hosts
7 years ago
Alexander Weidinger
a5f4a56956
UsePrivilegeSeparation 'sandbox'
This was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
7 years ago
Andres Montalban
500c915c33
Allow to config banner in pillar
7 years ago
Alexander Weidinger
d37de77ba2
Copied docs from commit to pillar.example
7 years ago
Alexander Weidinger
6b23b28f52
Opt-in to enforce RSA key length
7 years ago
Alexander Weidinger
674216d0ad
openssh.auth_map
7 years ago
ek9
f192b91192
add more verbose warnings regarding ssh_config in pillar.example
7 years ago
ek9
ec796662bc
pillar.example: update with secure defaults for sshd_config and ssh_config
7 years ago
ek9
d6e48f2b43
rebase based on latest update
8 years ago
Pandu E Poluan
18e1866ac5
Update pillar.example
`pillar.example` now contains information on how to use the
'string-or-list' feature for some options.
Also an explanation on the new `ConfigBanner` option.
8 years ago
Johannes Löthberg
a74d859992
Add AuthorizedKeysCommand to pillar.example
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
8 years ago
Pandu E Poluan
11ba2acea7
Give information on using moduli_source
Give additional comments to inform that moduli can also be provided via a file, using the moduli_source key.
8 years ago
Niels Abspoel
641851632f
add more authentication options
8 years ago
Matthieu DERASSE
3542a1f534
Implement Session idle time out
8 years ago
ek9
33344743b0
Add ability to control SSH server status (default: on)
9 years ago
POTIER Mathieu
dda1fb5128
Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
Signed-off-by: POTIER Mathieu <mathieu.potier@onzeway.eu>
9 years ago
Bogdan Radulescu
13cf374efe
Added configuration options for ssh_config
Made a small change to reflect the default sshd_config
9 years ago
elfixit
18ba94d0fc
add options to give a key size to generate_key
9 years ago
Ingo Bente
a927107b28
Adds support to customize /etc/ssh/moduli file
9 years ago
Ingo Bente
83bb5ac5a0
adds support to harden sshd_config (KeyExchange, Ciphers, MACs)
9 years ago
Niels Abspoel
2a68ccac1a
Add option to remove ssh_host_keys
9 years ago
Niels Abspoel
3c828d9e08
Fix mine_function example in pillar.example
This fixes #34, salt version 2015.5.x needs an extra argument
for shell routines.
9 years ago
朱金贺
5f65e92ebd
added the missing ":" and delete the redundant lines
9 years ago
Raphaël Hertzog
1b74efd2d0
Add a new openssh.known_hosts state
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
9 years ago
Bernd Schlapsi
128d4acfa2
Update pillar.example with two valid ssh-keys
10 years ago
Niels Abspoel
6e65cdad03
add DenyUsers and DenyGroups example
10 years ago
Niels Abspoel
33ee945557
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
10 years ago
Bohdan Kmit
b843d8168b
add ed25519 host key type; add AuthenticationMethods option
10 years ago
Franz Pletz
5d0f69ad2c
Cleanups for host key pillar example
10 years ago
Franz Pletz
33f21a0976
Add support for ED25519 host keys
10 years ago
Robert Fairburn
51277cc2f9
add pillar example
10 years ago
Alan Pearce
eb9dec1b9d
Update pillar example
10 years ago
Alan Pearce
25aa1a6733
Update pillar.example
10 years ago
Wes Turner
44946b4142
Add a UseDNS option to pillar.example
10 years ago
matthew-parlette
4b4f4b5d3d
Explicitly defined options as strings.
This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
10 years ago
matthew-parlette
2f28a008c2
Cleared out static parts of config since it was causing issues
10 years ago
Carlos Perelló Marín
e2cddca13e
Reverted the namespace change to avoid conflicts and backward incompatibilities
11 years ago
Carlos Perelló Marín
47211d0648
Added support to manage ssh certificates
11 years ago
Kenny Do
b0c7009cb2
updated sshd_config file to be populated by pillar
11 years ago
Mark Eggert
92ac8a32aa
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
11 years ago