salt
/
openssh-formula
forked from ExternalMirrors/openssh-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
247 Commits
1 Branch
Tree: 11366b3c17
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '11366b3c17'
${ noResults }
openssh-formula/README.rst

README.rst 3.9KB
Raw Normal View History

Add readme
11 years ago
Split the sshd_config and banner components into sub-states
11 years ago
Add readme
11 years ago
updated the README to adhere to standards.
11 years ago
Update README.rst Fixing broken link
10 years ago
updated the README to adhere to standards.
11 years ago
Split the sshd_config and banner components into sub-states
11 years ago
updated the README to adhere to standards.
11 years ago
added a state that installs the openssh client
11 years ago
updated the README to adhere to standards.
11 years ago
Added support to manage ssh certificates
11 years ago
openssh.auth_map
7 years ago
Added support to manage ssh certificates
11 years ago
updated the README to adhere to standards.
11 years ago
Added support to manage ssh certificates
11 years ago
updated the README to adhere to standards.
11 years ago
added a state that installs the openssh client
11 years ago
Added support to manage ssh certificates
11 years ago
updated the README to adhere to standards.
11 years ago
Added support to manage ssh certificates
11 years ago
Updated the readme to clarify that people need to explicitly turn off root login
9 years ago
[openssh/config_ini] initial version of config_ini which uses ini state closes #123
6 years ago
Add a new openssh.known_hosts state This state manages /etc/ssh/ssh_known_hosts and fills it with public SSH host keys of other minions.
9 years ago
Add `openssh:known_hosts:static` to README and pillar.example
6 years ago
Add a new openssh.known_hosts state This state manages /etc/ssh/ssh_known_hosts and fills it with public SSH host keys of other minions.
9 years ago
Changed expr_form to tgt_type for deprecation reasons. (#122)
7 years ago
Add a new openssh.known_hosts state This state manages /etc/ssh/ssh_known_hosts and fills it with public SSH host keys of other minions.
9 years ago
Fix mine function example in README.rst like it was already done in the pillar.example in this PR https://github.com/saltstack-formulas/openssh-formula/pull/36 to avoid confusions.
8 years ago
Add a new openssh.known_hosts state This state manages /etc/ssh/ssh_known_hosts and fills it with public SSH host keys of other minions.
9 years ago
Adds support to customize /etc/ssh/moduli file
9 years ago
Add `openssh:known_hosts:static` to README and pillar.example
6 years ago
Adds support to customize /etc/ssh/moduli file
9 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 
  1. openssh

  2. =======

  3. Install and configure an openssh server.

  4. 

  5. .. note::

  6. 

  7.     See the full `Salt Formulas installation and usage instructions

  8.     <http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html>`_.

  9. 

  10. Available states

  11. ================

  12. 

  13. .. contents::

  14.     :local:

  15. 

  16. ``openssh``

  17. -----------

  18. 

  19. Installs the ``openssh`` server package and service.

  20. 

  21. ``openssh.auth``

  22. -----------

  23. 

  24. Manages SSH certificates for users.

  25. 

  26. ``openssh.auth_map``

  27. -----------

  28. 

  29. Same functionality as openssh.auth but with a simplified Pillar syntax.

  30. Plays nicely with `Pillarstack

  31. <https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html>`_.

  32. 

  33. ``openssh.banner``

  34. ------------------

  35. 

  36. Installs a banner that users see when SSH-ing in.

  37. 

  38. ``openssh.client``

  39. ------------------

  40. 

  41. Installs the openssh client package.

  42. 

  43. ``openssh.config``

  44. ------------------

  45. 

  46. Installs the ssh daemon configuration file included in this formula

  47. (under "openssh/files"). This configuration file is populated

  48. by values from pillar. ``pillar.example`` results in the generation

  49. of the default ``sshd_config`` file on Debian Wheezy.

  50. 

  51. It is highly recommended ``PermitRootLogin`` is added to pillar

  52. so root login will be disabled.

  53. 

  54. ``openssh.config_ini``

  55. ----------------------

  56. 

  57. Version of managing ``sshd_config`` that uses the 

  58. `ini_managed.option_present <https://docs.saltstack.com/en/latest/ref/states/all/salt.states.ini_manage.html>`_

  59. state module, so it enables to override only one or 

  60. multiple values and keeping the defaults shipped by your 

  61. distribution. 

  62. 

  63. 

  64. ``openssh.known_hosts``

  65. -----------------------

  66. 

  67. Manages the side-wide ssh_known_hosts file and fills it with the

  68. public SSH host keys of your minions (collected via the Salt mine)

  69. and of hosts listed in you pillar data. You can restrict the set of minions

  70. whose keys are listed by using the pillar data ``openssh:known_hosts:target``

  71. and ``openssh:known_hosts:tgt_type`` (those fields map directly to the

  72. corresponding attributes of the ``mine.get`` function).

  73. 

  74. The Salt mine is used to share the public SSH host keys, you must thus

  75. configure it accordingly on all hosts that must export their keys. Two

  76. mine functions are required, one that exports the keys (one key per line,

  77. as they are stored in ``/etc/ssh/ssh_host_*_key.pub``) and one that defines

  78. the public hostname that the keys are associated to. Here's the way to

  79. setup those functions through pillar::

  80. 

  81.     # Required for openssh.known_hosts

  82.     mine_functions:

  83.       public_ssh_host_keys:

  84.         mine_function: cmd.run

  85.         cmd: cat /etc/ssh/ssh_host_*_key.pub

  86.         python_shell: True

  87.       public_ssh_hostname:

  88.         mine_function: grains.get

  89.         key: id

  90. 

  91. The above example assumes that the minion identifier is a valid DNS name

  92. that can be used to connect to the host. If that's not the case, you might

  93. want to use the ``fqdn`` grain instead of the ``id`` one. The above example

  94. also uses the default mine function names used by this formula. If you have to

  95. use other names, then you should indicate the names to use in pillar keys

  96. ``openssh:known_hosts:mine_keys_function`` and

  97. ``openssh:known_hosts:mine_hostname_function``.

  98. 

  99. You can also integrate alternate DNS names of the various hosts in the

  100. ssh_known_hosts files. You just have to list all the alternate DNS names as a

  101. list in the ``openssh:known_hosts:aliases`` pillar key. Whenever the IPv4 or

  102. IPv6 behind one of those DNS entries matches an IPv4 or IPv6 behind the

  103. official hostname of a minion, the alternate DNS name will be associated to the

  104. minion's public SSH host key.

  105. 

  106. To add public keys of hosts not among your minions list them under the

  107. pillar key ``openssh:known_hosts:static``::

  108. 

  109.     openssh:

  110.       known_hosts:

  111.         static:

  112.           github.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq[...]'

  113.           gitlab.com: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABA[...]'

  114. 

  115. 

  116. ``openssh.moduli``

  117. -----------------------

  118. 

  119. Manages the system wide ``/etc/ssh/moduli`` file.