salt
/
openssh-formula
разклонено от ExternalMirrors/openssh-formula
Наблюдаван 1
Харесван 0
Разклонения 0
Код Версии 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
89 Ревизии
1 Клон
ИН на ревизия: 5f65e92ebd
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '5f65e92ebd'
${ noResults }
openssh-formula/pillar.example

pillar.example 3.3KB
Директен файл Normal View История

Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
add ed25519 host key type; add AuthenticationMethods option
преди 10 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
added the missing ":" and delete the redundant lines
преди 9 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Add a UseDNS option to pillar.example
преди 10 години
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups This will add more options to set to secure openssh - AllowUsers - AllowGroups - DenyUsers - DenyGroups
преди 10 години
add DenyUsers and DenyGroups example
преди 10 години
add pillar example
преди 10 години
Added support to manage ssh certificates
преди 11 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Added support to manage ssh certificates
преди 11 години
Update pillar.example with two valid ssh-keys
преди 10 години
Added support to manage ssh certificates
преди 11 години
Update pillar.example with two valid ssh-keys
преди 10 години
Added support to manage ssh certificates
преди 11 години
Cleanups for host key pillar example
преди 10 години
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
преди 11 години
Cleanups for host key pillar example
преди 10 години
Update pillar.example
преди 10 години
Cleanups for host key pillar example
преди 10 години
Update pillar example
преди 10 години
Cleanups for host key pillar example
преди 10 години
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
преди 11 години
Add support for ED25519 host keys
преди 10 години
Add a new openssh.known_hosts state This state manages /etc/ssh/ssh_known_hosts and fills it with public SSH host keys of other minions.
преди 9 години
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. sshd_config:

  2.   Port: 22

  3.   Protocol: 2

  4.   HostKey:

  5.     - /etc/ssh/ssh_host_rsa_key

  6.     - /etc/ssh/ssh_host_dsa_key

  7.     - /etc/ssh/ssh_host_ecdsa_key

  8.     - /etc/ssh/ssh_host_ed25519_key

  9.   UsePrivilegeSeparation: 'yes'

  10.   KeyRegenerationInterval: 3600

  11.   ServerKeyBits: 768

  12.   SyslogFacility: AUTH

  13.   LogLevel: INFO

  14.   LoginGraceTime: 120

  15.   PermitRootLogin: 'yes'

  16.   PasswordAuthentication: 'no'

  17.   StrictModes: 'yes'

  18.   RSAAuthentication: 'yes'

  19.   PubkeyAuthentication: 'yes'

  20.   IgnoreRhosts: 'yes'

  21.   RhostsRSAAuthentication: 'no'

  22.   HostbasedAuthentication: 'no'

  23.   PermitEmptyPasswords: 'no'

  24.   ChallengeResponseAuthentication: 'no'

  25.   AuthenticationMethods: 'publickey,keyboard-interactive'

  26.   X11Forwarding: 'yes'

  27.   X11DisplayOffset: 10

  28.   PrintMotd: 'no'

  29.   PrintLastLog: 'yes'

  30.   TCPKeepAlive: 'yes'

  31.   AcceptEnv: "LANG LC_*"

  32.   Subsystem: "sftp /usr/lib/openssh/sftp-server"

  33.   UsePAM: 'yes'

  34.   UseDNS: 'yes'

  35.   AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'

  36.   DenyUsers: 'yoda chewbaca@112.10.21.1'

  37.   AllowGroups: 'wheel staff imperial'

  38.   DenyGroups: 'rebel'

  39.   matches:

  40.     sftp_chroot:

  41.       type:

  42.         Group: sftpusers

  43.       options:

  44.         ChrootDirectory: /sftp-chroot/%u

  45.         X11Forwarding: no

  46.         AllowTcpForwarding: no

  47.         ForceCommand: internal-sftp

  48. 

  49. openssh:

  50.   auth:

  51.     joe-valid-ssh-key-desktop:

  52.       - user: joe

  53.         present: True

  54.         enc: ssh-rsa

  55.         comment: main key - desktop

  56.     joe-valid-ssh-key-notebook:

  57.       - user: joe

  58.         present: True

  59.         enc: ssh-rsa

  60.         comment: main key - notebook

  61.     joe-non-valid-ssh-key:

  62.       - user: joe

  63.         present: False

  64.         enc: ssh-rsa

  65.         comment: obsolete key - removed

  66. 

  67.   generate_dsa_keys: False

  68.   provide_dsa_keys: False

  69.   dsa:

  70.     private_key: |

  71.       -----BEGIN DSA PRIVATE KEY-----

  72.       NOT_DEFINED

  73.       -----END DSA PRIVATE KEY-----

  74.     public_key: |

  75.       ssh-dss NOT_DEFINED

  76. 

  77.   generate_ecdsa_keys: False

  78.   provide_ecdsa_keys: False

  79.   ecdsa:

  80.     private_key: |

  81.       -----BEGIN EC PRIVATE KEY-----

  82.       NOT_DEFINED

  83.       -----END EC PRIVATE KEY-----

  84.     public_key: |

  85.       ecdsa-sha2-nistp256 NOT_DEFINED

  86. 

  87.   generate_rsa_keys: False

  88.   provide_rsa_keys: False

  89.   rsa:

  90.     private_key: |

  91.       -----BEGIN RSA PRIVATE KEY-----

  92.       NOT_DEFINED

  93.       -----END RSA PRIVATE KEY-----

  94.     public_key: |

  95.       ssh-rsa NOT_DEFINED

  96. 

  97.   generate_ed25519_keys: False

  98.   provide_ed25519_keys: False

  99.   ed25519:

  100.     private_key: |

  101.       -----BEGIN OPENSSH PRIVATE KEY-----

  102.       NOT_DEFINED

  103.       -----END OPENSSH PRIVATE KEY-----

  104.     public_key: |

  105.       ssh-ed25519 NOT_DEFINED

  106. 

  107.   known_hosts:

  108.     # The next 2 settings restrict the set of minions that will be added in

  109.     # the generated ssh_known_hosts files (the default is to match all minions)

  110.     target: '*'

  111.     expr_form: 'glob'

  112.     # Name of mining functions used to gather public keys and hostnames

  113.     # (the default values are shown here)

  114.     mine_keys_function: public_ssh_host_keys

  115.     mine_hostname_function: public_ssh_hostname

  116.     # List of DNS entries also pointing to our managed machines and that we want

  117.     # to inject in our generated ssh_known_hosts file

  118.     aliases:

  119.       - cname-to-minion.example.org

  120.       - alias.example.org

  121. 

  122. # Required for openssh.known_hosts

  123. mine_functions:

  124.   public_ssh_host_keys:

  125.     mine_function: cmd.run

  126.     cmd: cat /etc/ssh/ssh_host_*_key.pub

  127.   public_ssh_hostname:

  128.     mine_function: grains.get

  129.     key: id