Carlos Perelló Marín
11 år sedan
5 ändrade filer med 102 tillägg och 39 borttagningar
+ 1
- 1
LICENSE
Visa fil
| @@ -1,4 +1,4 @@ | |||
| Copyright (c) 2013 Salt Stack Formulas | |||
| Copyright (c) 2013-2014 Salt Stack Formulas | |||
| Licensed under the Apache License, Version 2.0 (the "License"); | |||
| you may not use this file except in compliance with the License. | |||
+ 13
- 7
README.rst
Visa fil
| @@ -18,20 +18,26 @@ Available states | |||
| Installs the ``openssh`` server package and service. | |||
| ``openssh.config`` | |||
| ``openssh.auth`` | |||
| ----------- | |||
| Manages SSH certificates for users. | |||
| ``openssh.banner`` | |||
| ------------------ | |||
| Installs the ssh daemon configuration file included in this formula | |||
| (under "openssh/files"). This configuration file is populated | |||
| by values from pillar. ``pillar.example`` results in the generation | |||
| of the default ``sshd_config`` file on Debian Wheezy. | |||
| Installs a banner that users see when SSH-ing in. | |||
| ``openssh.client`` | |||
| ------------------ | |||
| Installs the openssh client package. | |||
| ``openssh.banner`` | |||
| ``openssh.config`` | |||
| ------------------ | |||
| Installs a banner that users see when SSH-ing in. | |||
| Installs the ssh daemon configuration file included in this formula | |||
| (under "openssh/files"). This configuration file is populated | |||
| by values from pillar. ``pillar.example`` results in the generation | |||
| of the default ``sshd_config`` file on Debian Wheezy. | |||
+ 43
- 0
openssh/auth.sls
Visa fil
| @@ -0,0 +1,43 @@ | |||
| include: | |||
| - openssh | |||
| {% from "openssh/map.jinja" import openssh with context %} | |||
| {% set openssh_pillar = pillar.get('openssh', {}) %} | |||
| {% set auth = openssh_pillar.get('auth', {}) %} | |||
| {% for user,keys in auth.items() -%} | |||
| {% for key in keys -%} | |||
| {% if 'present' in key and key['present'] %} | |||
| {{ key['name'] }}: | |||
| ssh_auth.present: | |||
| - user: {{ user }} | |||
| {% if 'source' in key %} | |||
| - source: {{ key['source'] }} | |||
| {% else %} | |||
| {% if 'enc' in key %} | |||
| - enc: {{ key['enc'] }} | |||
| {% endif %} | |||
| {% if 'comment' in key %} | |||
| - comment: {{ key['comment'] }} | |||
| {% endif %} | |||
| {% if 'options' in key %} | |||
| - options: {{ key['options'] }} | |||
| {% endif %} | |||
| {% endif %} | |||
| - require: | |||
| - service: {{ openssh.service }} | |||
| {% else %} | |||
| {{ key['name'] }}: | |||
| ssh_auth.absent: | |||
| - user: {{ user }} | |||
| {% if 'enc' in key %} | |||
| - enc: {{ key['enc'] }} | |||
| {% endif %} | |||
| {% if 'comment' in key %} | |||
| - comment: {{ key['comment'] }} | |||
| {% endif %} | |||
| {% if 'options' in key %} | |||
| - options: {{ key['options'] }} | |||
| {% endif %} | |||
| {% endif %} | |||
| {% endfor %} | |||
| {% endfor %} | |||
+ 2
- 1
openssh/files/sshd_config
Visa fil
| @@ -1,4 +1,5 @@ | |||
| {% set sshd_config = pillar.get('sshd_config', {}) %} | |||
| {% set openssh_pillar = pillar.get('openssh', {}) %} | |||
| {% set sshd_config = openssh_pillar.get('sshd_config', {}) %} | |||
| # This file is managed by salt. Manual changes risk being overwritten. | |||
| # The contents of the original sshd_config are kept on the bottom for | |||
+ 43
- 30
pillar.example
Visa fil
| @@ -1,30 +1,43 @@ | |||
| sshd_config: | |||
| Port: 22 | |||
| Protocol: 2 | |||
| HostKey: | |||
| - /etc/ssh/ssh_host_rsa_key | |||
| - /etc/ssh/ssh_host_dsa_key | |||
| - /etc/ssh/ssh_host_ecdsa_key | |||
| UsePrivilegeSeparation: yes | |||
| KeyRegenerationInterval: 3600 | |||
| ServerKeyBits: 768 | |||
| SyslogFacility: AUTH | |||
| LogLevel: INFO | |||
| LoginGraceTime: 120 | |||
| PermitRootLogin: yes | |||
| StrictModes: yes | |||
| RSAAuthentication: yes | |||
| PubkeyAuthentication: yes | |||
| IgnoreRhosts: yes | |||
| RhostsRSAAuthentication: no | |||
| HostbasedAuthentication: no | |||
| PermitEmptyPasswords: no | |||
| ChallengeResponseAuthentication: no | |||
| X11Forwarding: yes | |||
| X11DisplayOffset: 10 | |||
| PrintMotd: no | |||
| PrintLastLog: yes | |||
| TCPKeepAlive: yes | |||
| AcceptEnv: "LANG LC_*" | |||
| Subsystem: "sftp /usr/lib/openssh/sftp-server" | |||
| UsePAM: yes | |||
| openssh: | |||
| sshd_config: | |||
| Port: 22 | |||
| Protocol: 2 | |||
| HostKey: | |||
| - /etc/ssh/ssh_host_rsa_key | |||
| - /etc/ssh/ssh_host_dsa_key | |||
| - /etc/ssh/ssh_host_ecdsa_key | |||
| UsePrivilegeSeparation: yes | |||
| KeyRegenerationInterval: 3600 | |||
| ServerKeyBits: 768 | |||
| SyslogFacility: AUTH | |||
| LogLevel: INFO | |||
| LoginGraceTime: 120 | |||
| PermitRootLogin: yes | |||
| StrictModes: yes | |||
| RSAAuthentication: yes | |||
| PubkeyAuthentication: yes | |||
| IgnoreRhosts: yes | |||
| RhostsRSAAuthentication: no | |||
| HostbasedAuthentication: no | |||
| PermitEmptyPasswords: no | |||
| ChallengeResponseAuthentication: no | |||
| X11Forwarding: yes | |||
| X11DisplayOffset: 10 | |||
| PrintMotd: no | |||
| PrintLastLog: yes | |||
| TCPKeepAlive: yes | |||
| AcceptEnv: "LANG LC_*" | |||
| Subsystem: "sftp /usr/lib/openssh/sftp-server" | |||
| UsePAM: yes | |||
| auth: | |||
| joe: | |||
| - name: JOE_VALID_SSH_PUBLIC_KEY | |||
| present: True | |||
| enc: ssh-rsa | |||
| comment: main key | |||
| - name: JOE_NON_VALID_SSH_PUBLIC_KEY | |||
| present: False | |||
| enc: ssh-rsa | |||
| comment: obsolete key - removed | |||
Laddar…