|
- openssh:
- pkg:
- - installed
- {% if grains['os_family'] == 'Debian' %}
- - name: openssh-server
- {% endif %}
- service.running:
- - enable: True
- {% if grains['os_family'] == 'RedHat' %}
- - name: sshd
- {% else %}
- - name: ssh
- {% endif %}
- - require:
- - pkg: openssh
- - file: sshd_banner
- - watch:
- - file: sshd_config
- {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %}
- - file: /etc/ssh/ssh_host_dsa_key
- - file: /etc/ssh/ssh_host_dsa_key.pub
- {% endif %}
- {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %}
- - file: /etc/ssh/ssh_host_rsa_key
- - file: /etc/ssh/ssh_host_rsa_key.pub
- {% endif %}
-
- sshd_config:
- file.managed:
- - name: /etc/ssh/sshd_config
- - source: salt://openssh/files/sshd_config
- - template: jinja
- - user: root
- - mode: 600
-
- sshd_banner:
- file.managed:
- - name: /etc/ssh/banner
- - source: salt://openssh/files/banner
- - template: jinja
-
- {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %}
- ssh_host_dsa_key:
- file.managed:
- - name: /etc/ssh/ssh_host_dsa_key
- - contents_pillar: 'openssh:dsa:private_key'
- - user: root
- - mode: 600
-
- ssh_host_dsa_key.pub:
- file.managed:
- - name: /etc/ssh/ssh_host_dsa_key.pub
- - contents_pillar: 'openssh:dsa:public_key'
- - user: root
- - mode: 600
- {% endif %}
-
- {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %}
- ssh_host_rsa_key:
- file.managed:
- - name: /etc/ssh/ssh_host_rsa_key
- - contents_pillar: 'openssh:rsa:private_key'
- - user: root
- - mode: 600
-
- ssh_host_rsa_key.pub:
- file.managed:
- - name: /etc/ssh/ssh_host_rsa_key.pub
- - contents_pillar: 'openssh:rsa:public_key'
- - user: root
- - mode: 600
- {% endif %}
|
