openssh-formula/pillar.example

sshd_config:
  Port: 22
  Protocol: 2
  HostKey:
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_dsa_key
    - /etc/ssh/ssh_host_ecdsa_key
    - /etc/ssh/ssh_host_ed25519_key
  UsePrivilegeSeparation: 'yes'
  KeyRegenerationInterval: 3600
  ServerKeyBits: 768
  SyslogFacility: AUTH
  LogLevel: INFO
  LoginGraceTime: 120
  PermitRootLogin: 'yes'
  PasswordAuthentication: 'no'
  StrictModes: 'yes'
  RSAAuthentication: 'yes'
  PubkeyAuthentication: 'yes'
  IgnoreRhosts: 'yes'
  RhostsRSAAuthentication: 'no'
  HostbasedAuthentication: 'no'
  PermitEmptyPasswords: 'no'
  ChallengeResponseAuthentication: 'no'
  AuthenticationMethods 'publickey,keyboard-interactive'
  X11Forwarding: 'yes'
  X11DisplayOffset: 10
  PrintMotd: 'no'
  PrintLastLog: 'yes'
  TCPKeepAlive: 'yes'
  AcceptEnv: "LANG LC_*"
  Subsystem: "sftp /usr/lib/openssh/sftp-server"
  UsePAM: 'yes'
  UseDNS: 'yes'
  matches:
    sftp_chroot:
      type:
        Group: sftpusers
      options:
        ChrootDirectory: /sftp-chroot/%u
        X11Forwarding: no
        AllowTcpForwarding: no
        ForceCommand: internal-sftp

openssh:
  auth:
    joe:
      - name: JOE_VALID_SSH_PUBLIC_KEY
        present: True
        enc: ssh-rsa
        comment: main key
      - name: JOE_NON_VALID_SSH_PUBLIC_KEY
        present: False
        enc: ssh-rsa
        comment: obsolete key - removed

  generate_dsa_keys: False
  provide_dsa_keys: False
  dsa:
    private_key: |
      -----BEGIN DSA PRIVATE KEY-----
      NOT_DEFINED
      -----END DSA PRIVATE KEY-----
    public_key: |
      ssh-dss NOT_DEFINED

  generate_ecdsa_keys: False
  provide_ecdsa_keys: False
  ecdsa:
    private_key: |
      -----BEGIN EC PRIVATE KEY-----
      NOT_DEFINED
      -----END EC PRIVATE KEY-----
    public_key: |
      ecdsa-sha2-nistp256 NOT_DEFINED

  generate_rsa_keys: False
  provide_rsa_keys: False
  rsa:
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      NOT_DEFINED
      -----END RSA PRIVATE KEY-----
    public_key: |
      ssh-rsa NOT_DEFINED

  generate_ed25519_keys: False
  provide_ed25519_keys: False
  ed25519:
    private_key: |
      -----BEGIN OPENSSH PRIVATE KEY-----
      NOT_DEFINED
      -----END OPENSSH PRIVATE KEY-----
    public_key: |
      ssh-ed25519 NOT_DEFINED