salt
/
openssh-formula
разклонено от ExternalMirrors/openssh-formula
Наблюдаван 1
Харесван 0
Разклонения 0
Код Версии 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
78 Ревизии
1 Клон
ИН на ревизия: 6e65cdad03
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от '6e65cdad03'
${ noResults }
openssh-formula/pillar.example

pillar.example 2.4KB
Директен файл Normal View История

Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
add ed25519 host key type; add AuthenticationMethods option
преди 10 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
add ed25519 host key type; add AuthenticationMethods option
преди 10 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Explicitly defined options as strings. This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
преди 10 години
Add a UseDNS option to pillar.example
преди 10 години
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups This will add more options to set to secure openssh - AllowUsers - AllowGroups - DenyUsers - DenyGroups
преди 10 години
add DenyUsers and DenyGroups example
преди 10 години
add pillar example
преди 10 години
Added support to manage ssh certificates
преди 11 години
Reverted the namespace change to avoid conflicts and backward incompatibilities
преди 11 години
Added support to manage ssh certificates
преди 11 години
Cleanups for host key pillar example
преди 10 години
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
преди 11 години
Cleanups for host key pillar example
преди 10 години
Update pillar.example
преди 10 години
Cleanups for host key pillar example
преди 10 години
Update pillar example
преди 10 години
Cleanups for host key pillar example
преди 10 години
Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data
преди 11 години
Add support for ED25519 host keys
преди 10 години
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. sshd_config:

  2.   Port: 22

  3.   Protocol: 2

  4.   HostKey:

  5.     - /etc/ssh/ssh_host_rsa_key

  6.     - /etc/ssh/ssh_host_dsa_key

  7.     - /etc/ssh/ssh_host_ecdsa_key

  8.     - /etc/ssh/ssh_host_ed25519_key

  9.   UsePrivilegeSeparation: 'yes'

  10.   KeyRegenerationInterval: 3600

  11.   ServerKeyBits: 768

  12.   SyslogFacility: AUTH

  13.   LogLevel: INFO

  14.   LoginGraceTime: 120

  15.   PermitRootLogin: 'yes'

  16.   PasswordAuthentication: 'no'

  17.   StrictModes: 'yes'

  18.   RSAAuthentication: 'yes'

  19.   PubkeyAuthentication: 'yes'

  20.   IgnoreRhosts: 'yes'

  21.   RhostsRSAAuthentication: 'no'

  22.   HostbasedAuthentication: 'no'

  23.   PermitEmptyPasswords: 'no'

  24.   ChallengeResponseAuthentication: 'no'

  25.   AuthenticationMethods 'publickey,keyboard-interactive'

  26.   X11Forwarding: 'yes'

  27.   X11DisplayOffset: 10

  28.   PrintMotd: 'no'

  29.   PrintLastLog: 'yes'

  30.   TCPKeepAlive: 'yes'

  31.   AcceptEnv: "LANG LC_*"

  32.   Subsystem: "sftp /usr/lib/openssh/sftp-server"

  33.   UsePAM: 'yes'

  34.   UseDNS: 'yes'

  35.   AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'

  36.   DenyUsers: 'yoda chewbaca@112.10.21.1'

  37.   AllowGroups: 'wheel staff imperial'

  38.   DenyGroups: 'rebel'

  39.   Deny

  40.   matches:

  41.     sftp_chroot:

  42.       type:

  43.         Group: sftpusers

  44.       options:

  45.         ChrootDirectory: /sftp-chroot/%u

  46.         X11Forwarding: no

  47.         AllowTcpForwarding: no

  48.         ForceCommand: internal-sftp

  49. 

  50. openssh:

  51.   auth:

  52.     joe:

  53.       - name: JOE_VALID_SSH_PUBLIC_KEY

  54.         present: True

  55.         enc: ssh-rsa

  56.         comment: main key

  57.       - name: JOE_NON_VALID_SSH_PUBLIC_KEY

  58.         present: False

  59.         enc: ssh-rsa

  60.         comment: obsolete key - removed

  61. 

  62.   generate_dsa_keys: False

  63.   provide_dsa_keys: False

  64.   dsa:

  65.     private_key: |

  66.       -----BEGIN DSA PRIVATE KEY-----

  67.       NOT_DEFINED

  68.       -----END DSA PRIVATE KEY-----

  69.     public_key: |

  70.       ssh-dss NOT_DEFINED

  71. 

  72.   generate_ecdsa_keys: False

  73.   provide_ecdsa_keys: False

  74.   ecdsa:

  75.     private_key: |

  76.       -----BEGIN EC PRIVATE KEY-----

  77.       NOT_DEFINED

  78.       -----END EC PRIVATE KEY-----

  79.     public_key: |

  80.       ecdsa-sha2-nistp256 NOT_DEFINED

  81. 

  82.   generate_rsa_keys: False

  83.   provide_rsa_keys: False

  84.   rsa:

  85.     private_key: |

  86.       -----BEGIN RSA PRIVATE KEY-----

  87.       NOT_DEFINED

  88.       -----END RSA PRIVATE KEY-----

  89.     public_key: |

  90.       ssh-rsa NOT_DEFINED

  91. 

  92.   generate_ed25519_keys: False

  93.   provide_ed25519_keys: False

  94.   ed25519:

  95.     private_key: |

  96.       -----BEGIN OPENSSH PRIVATE KEY-----

  97.       NOT_DEFINED

  98.       -----END OPENSSH PRIVATE KEY-----

  99.     public_key: |

  100.       ssh-ed25519 NOT_DEFINED