salt
/
openssh-formula
разклонено от ExternalMirrors/openssh-formula
Наблюдаван 1
Харесван 0
Разклонения 0
Код Версии 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 Ревизии
1 Клон
ИН на ревизия: 60691ef20d
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '60691ef20d'
${ noResults }
openssh-formula/pillar.example

pillar.example 3.3KB
Директен файл Normal View История

Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
add ed25519 host key type; add AuthenticationMethods option
преди 10 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
add ed25519 host key type; add AuthenticationMethods option
преди 10 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Add a UseDNS option to pillar.example
преди 10 години
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups This will add more options to set to secure openssh - AllowUsers - AllowGroups - DenyUsers - DenyGroups
преди 10 години
add DenyUsers and DenyGroups example
преди 10 години
add pillar example
преди 10 години
Added support to manage ssh certificates
преди 11 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Added support to manage ssh certificates
преди 11 години
Update pillar.example with two valid ssh-keys
преди 10 години
Added support to manage ssh certificates
преди 11 години
Update pillar.example with two valid ssh-keys
преди 10 години
Added support to manage ssh certificates
преди 11 години
Cleanups for host key pillar example
преди 10 години
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
преди 11 години
Cleanups for host key pillar example
преди 10 години
Update pillar.example
преди 10 години
Cleanups for host key pillar example
преди 10 години
Update pillar example
преди 10 години
Cleanups for host key pillar example
преди 10 години
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
преди 11 години
Add support for ED25519 host keys
преди 10 години
Add a new openssh.known_hosts state This state manages /etc/ssh/ssh_known_hosts and fills it with public SSH host keys of other minions.
преди 9 години
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 
  1. sshd_config:

  2.   Port: 22

  3.   Protocol: 2

  4.   HostKey:

  5.     - /etc/ssh/ssh_host_rsa_key

  6.     - /etc/ssh/ssh_host_dsa_key

  7.     - /etc/ssh/ssh_host_ecdsa_key

  8.     - /etc/ssh/ssh_host_ed25519_key

  9.   UsePrivilegeSeparation: 'yes'

  10.   KeyRegenerationInterval: 3600

  11.   ServerKeyBits: 768

  12.   SyslogFacility: AUTH

  13.   LogLevel: INFO

  14.   LoginGraceTime: 120

  15.   PermitRootLogin: 'yes'

  16.   PasswordAuthentication: 'no'

  17.   StrictModes: 'yes'

  18.   RSAAuthentication: 'yes'

  19.   PubkeyAuthentication: 'yes'

  20.   IgnoreRhosts: 'yes'

  21.   RhostsRSAAuthentication: 'no'

  22.   HostbasedAuthentication: 'no'

  23.   PermitEmptyPasswords: 'no'

  24.   ChallengeResponseAuthentication: 'no'

  25.   AuthenticationMethods 'publickey,keyboard-interactive'

  26.   X11Forwarding: 'yes'

  27.   X11DisplayOffset: 10

  28.   PrintMotd: 'no'

  29.   PrintLastLog: 'yes'

  30.   TCPKeepAlive: 'yes'

  31.   AcceptEnv: "LANG LC_*"

  32.   Subsystem: "sftp /usr/lib/openssh/sftp-server"

  33.   UsePAM: 'yes'

  34.   UseDNS: 'yes'

  35.   AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'

  36.   DenyUsers: 'yoda chewbaca@112.10.21.1'

  37.   AllowGroups: 'wheel staff imperial'

  38.   DenyGroups: 'rebel'

  39.   Deny

  40.   matches:

  41.     sftp_chroot:

  42.       type:

  43.         Group: sftpusers

  44.       options:

  45.         ChrootDirectory: /sftp-chroot/%u

  46.         X11Forwarding: no

  47.         AllowTcpForwarding: no

  48.         ForceCommand: internal-sftp

  49. 

  50. openssh:

  51.   auth:

  52.     joe-valid-ssh-key-desktop:

  53.       - user: joe

  54.         present: True

  55.         enc: ssh-rsa

  56.         comment: main key - desktop

  57.     joe-valid-ssh-key-notebook:

  58.       - user: joe

  59.         present: True

  60.         enc: ssh-rsa

  61.         comment: main key - notebook

  62.     joe-non-valid-ssh-key:

  63.       - user: joe

  64.         present: False

  65.         enc: ssh-rsa

  66.         comment: obsolete key - removed

  67. 

  68.   generate_dsa_keys: False

  69.   provide_dsa_keys: False

  70.   dsa:

  71.     private_key: |

  72.       -----BEGIN DSA PRIVATE KEY-----

  73.       NOT_DEFINED

  74.       -----END DSA PRIVATE KEY-----

  75.     public_key: |

  76.       ssh-dss NOT_DEFINED

  77. 

  78.   generate_ecdsa_keys: False

  79.   provide_ecdsa_keys: False

  80.   ecdsa:

  81.     private_key: |

  82.       -----BEGIN EC PRIVATE KEY-----

  83.       NOT_DEFINED

  84.       -----END EC PRIVATE KEY-----

  85.     public_key: |

  86.       ecdsa-sha2-nistp256 NOT_DEFINED

  87. 

  88.   generate_rsa_keys: False

  89.   provide_rsa_keys: False

  90.   rsa:

  91.     private_key: |

  92.       -----BEGIN RSA PRIVATE KEY-----

  93.       NOT_DEFINED

  94.       -----END RSA PRIVATE KEY-----

  95.     public_key: |

  96.       ssh-rsa NOT_DEFINED

  97. 

  98.   generate_ed25519_keys: False

  99.   provide_ed25519_keys: False

  100.   ed25519:

  101.     private_key: |

  102.       -----BEGIN OPENSSH PRIVATE KEY-----

  103.       NOT_DEFINED

  104.       -----END OPENSSH PRIVATE KEY-----

  105.     public_key: |

  106.       ssh-ed25519 NOT_DEFINED

  107. 

  108.   known_hosts:

  109.     # The next 2 settings restrict the set of minions that will be added in

  110.     # the generated ssh_known_hosts files (the default is to match all minions)

  111.     target: '*'

  112.     expr_form: 'glob'

  113.     # Name of mining functions used to gather public keys and hostnames

  114.     # (the default values are shown here)

  115.     mine_keys_function: public_ssh_host_keys

  116.     mine_hostname_function: public_ssh_hostname

  117.     # List of DNS entries also pointing to our managed machines and that we want

  118.     # to inject in our generated ssh_known_hosts file

  119.     aliases:

  120.       - cname-to-minion.example.org

  121.       - alias.example.org

  122. 

  123. # Required for openssh.known_hosts

  124. mine_functions:

  125.   public_ssh_host_keys:

  126.     mine_function: cmd.run

  127.     cmd: cat /etc/ssh/ssh_host_*_key.pub

  128.   public_ssh_hostname:

  129.     mine_function: grains.get

  130.     key: id