Imran Iqbal
f6dbca3352
fix: complete PR #164
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
5 yıl önce
nb
a47596f15a
feat(TOFS): ssh sshd configs known_host and banner
5 yıl önce
alxwr
d9653889fa
removed deprecated options ( #150 )
5 yıl önce
reschl
ffafd2a2f5
Support package versions ( #134 )
added possibility to configure server version and client version
with pillar example
6 yıl önce
Philippe Grégoire
7cfc9f5a04
Hint at `Host` support for `ssh_config` ( #133 )
The `ssh_config` state supports generating `Host` sections, but it is
buried in the source. By default, options are simply dumped in the
configuration file; without any `Host` directive.
This patch hints (and, actually, encourages) users to use `Host`
sections by updating the pillar example to use the `Hosts` directive
with the `*` pattern.
6 yıl önce
alxwr
aa3da8f2c2
Pillar openssh.known_hosts_salt_ssh ( #128 )
* Pillar openssh.known_hosts_salt_ssh
* Dropped ill-named file
* Fixed aliasing of host names
* Improved pillar.example
* Opt-in to include localhost
* pillar/known_hosts_salt_ssh: clear cache in run()
* Dropped forgotten debugging output
6 yıl önce
Florian Ermisch
bf9b9a335c
Add `openssh:known_hosts:static` to README and pillar.example
6 yıl önce
Mario Fritschen
e665450ed4
Changed expr_form to tgt_type for deprecation reasons. ( #122 )
7 yıl önce
alxwr
5e3368afcb
drop default values ( fixes #102 ) ( #117 )
* drop default values (fixes #102 )
* hmac-ripemd160 was dropped in 7.6
7 yıl önce
Niels Abspoel
9cdb9aaba0
improve allow_deny_users_groups
7 yıl önce
Alexander Weidinger
e523ae5281
Optionally add hostnames to known_hosts
7 yıl önce
Alexander Weidinger
a5f4a56956
UsePrivilegeSeparation 'sandbox'
This is was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
7 yıl önce
Andres Montalban
500c915c33
Allow to config banner in pillar
7 yıl önce
Alexander Weidinger
d37de77ba2
Copied docs from commit to pillar.example
7 yıl önce
Alexander Weidinger
6b23b28f52
Opt-in to enforce RSA key length
7 yıl önce
Alexander Weidinger
674216d0ad
openssh.auth_map
7 yıl önce
ek9
f192b91192
add more verbose warnings regarding ssh_config in pillar.example
7 yıl önce
ek9
ec796662bc
pillar.example: update with secure defaults for sshd_config and ssh_config
7 yıl önce
ek9
d6e48f2b43
rebase based on latest update
8 yıl önce
Pandu E Poluan
18e1866ac5
Update pillar.example
`pillar.example` now contains information on how to use the
'string-or-list' feature for some options.
Also an explanation on the new `ConfigBanner` option.
8 yıl önce
Johannes Löthberg
a74d859992
Add AuthorizedKeysCommand to pillar.example
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
8 yıl önce
Pandu E Poluan
11ba2acea7
Give information on using moduli_source
Give additional comments to inform that moduli can also be provided via a file, using the moduli_source key.
8 yıl önce
Niels Abspoel
641851632f
add more authentication options
8 yıl önce
Matthieu DERASSE
3542a1f534
Implement Session idle time out
8 yıl önce
ek9
33344743b0
Add ability to control SSH server status (default: on)
9 yıl önce
POTIER Mathieu
dda1fb5128
Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
Signed-off-by: POTIER Mathieu <mathieu.potier@onzeway.eu>
9 yıl önce
Bogdan Radulescu
13cf374efe
Added configuration options for ssh_config
Made a small change to reflect the default sshd_config
9 yıl önce
elfixit
18ba94d0fc
add options to give a key size to generate_key
9 yıl önce
Ingo Bente
a927107b28
Adds support to customize /etc/ssh/moduli file
9 yıl önce
Ingo Bente
83bb5ac5a0
adds support to harden sshd_config (KeyExchange, Ciphers, MACs)
9 yıl önce
Niels Abspoel
2a68ccac1a
Add option to remove ssh_host_keys
9 yıl önce
Niels Abspoel
3c828d9e08
Fix mine_function example in pillar.example
This fixes #34, salt version 2015.5.x needs an extra argument
for shell routines.
9 yıl önce
朱金贺
5f65e92ebd
added the missing ":" and delete the redundant lines
9 yıl önce
Raphaël Hertzog
1b74efd2d0
Add a new openssh.known_hosts state
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
9 yıl önce
Bernd Schlapsi
128d4acfa2
Update pillar.example with two valid ssh-keys
10 yıl önce
Niels Abspoel
6e65cdad03
add DenyUsers and DenyGroups example
10 yıl önce
Niels Abspoel
33ee945557
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
10 yıl önce
Bohdan Kmit
b843d8168b
add ed25519 host key type; add AuthenticationMethods option
10 yıl önce
Franz Pletz
5d0f69ad2c
Cleanups for host key pillar example
10 yıl önce
Franz Pletz
33f21a0976
Add support for ED25519 host keys
10 yıl önce
Robert Fairburn
51277cc2f9
add pillar example
10 yıl önce
Alan Pearce
eb9dec1b9d
Update pillar example
10 yıl önce
Alan Pearce
25aa1a6733
Update pillar.example
10 yıl önce
Wes Turner
44946b4142
Add a UseDNS option to pillar.example
10 yıl önce
matthew-parlette
4b4f4b5d3d
Explicitly defined options as strings.
This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
10 yıl önce
matthew-parlette
2f28a008c2
Cleared out static parts of config since it was causing issues
10 yıl önce
Carlos Perelló Marín
e2cddca13e
Reverted the namespace change to avoid conflicts and backward incompatibilities
11 yıl önce
Carlos Perelló Marín
47211d0648
Added support to manage ssh certificates
11 yıl önce
Kenny Do
b0c7009cb2
updated sshd_config file to be populated by pillar
11 yıl önce
Mark Eggert
92ac8a32aa
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
11 yıl önce