salt
/
openssh-formula
forked from ExternalMirrors/openssh-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
89 Commits
1 Branch
Tree: 5f65e92ebd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5f65e92ebd'
${ noResults }
openssh-formula/pillar.example

130 lines
3.3KB
Raw Blame History 

  1. sshd_config:

  2.   Port: 22

  3.   Protocol: 2

  4.   HostKey:

  5.     - /etc/ssh/ssh_host_rsa_key

  6.     - /etc/ssh/ssh_host_dsa_key

  7.     - /etc/ssh/ssh_host_ecdsa_key

  8.     - /etc/ssh/ssh_host_ed25519_key

  9.   UsePrivilegeSeparation: 'yes'

  10.   KeyRegenerationInterval: 3600

  11.   ServerKeyBits: 768

  12.   SyslogFacility: AUTH

  13.   LogLevel: INFO

  14.   LoginGraceTime: 120

  15.   PermitRootLogin: 'yes'

  16.   PasswordAuthentication: 'no'

  17.   StrictModes: 'yes'

  18.   RSAAuthentication: 'yes'

  19.   PubkeyAuthentication: 'yes'

  20.   IgnoreRhosts: 'yes'

  21.   RhostsRSAAuthentication: 'no'

  22.   HostbasedAuthentication: 'no'

  23.   PermitEmptyPasswords: 'no'

  24.   ChallengeResponseAuthentication: 'no'

  25.   AuthenticationMethods: 'publickey,keyboard-interactive'

  26.   X11Forwarding: 'yes'

  27.   X11DisplayOffset: 10

  28.   PrintMotd: 'no'

  29.   PrintLastLog: 'yes'

  30.   TCPKeepAlive: 'yes'

  31.   AcceptEnv: "LANG LC_*"

  32.   Subsystem: "sftp /usr/lib/openssh/sftp-server"

  33.   UsePAM: 'yes'

  34.   UseDNS: 'yes'

  35.   AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'

  36.   DenyUsers: 'yoda chewbaca@112.10.21.1'

  37.   AllowGroups: 'wheel staff imperial'

  38.   DenyGroups: 'rebel'

  39.   matches:

  40.     sftp_chroot:

  41.       type:

  42.         Group: sftpusers

  43.       options:

  44.         ChrootDirectory: /sftp-chroot/%u

  45.         X11Forwarding: no

  46.         AllowTcpForwarding: no

  47.         ForceCommand: internal-sftp

  48. 

  49. openssh:

  50.   auth:

  51.     joe-valid-ssh-key-desktop:

  52.       - user: joe

  53.         present: True

  54.         enc: ssh-rsa

  55.         comment: main key - desktop

  56.     joe-valid-ssh-key-notebook:

  57.       - user: joe

  58.         present: True

  59.         enc: ssh-rsa

  60.         comment: main key - notebook

  61.     joe-non-valid-ssh-key:

  62.       - user: joe

  63.         present: False

  64.         enc: ssh-rsa

  65.         comment: obsolete key - removed

  66. 

  67.   generate_dsa_keys: False

  68.   provide_dsa_keys: False

  69.   dsa:

  70.     private_key: |

  71.       -----BEGIN DSA PRIVATE KEY-----

  72.       NOT_DEFINED

  73.       -----END DSA PRIVATE KEY-----

  74.     public_key: |

  75.       ssh-dss NOT_DEFINED

  76. 

  77.   generate_ecdsa_keys: False

  78.   provide_ecdsa_keys: False

  79.   ecdsa:

  80.     private_key: |

  81.       -----BEGIN EC PRIVATE KEY-----

  82.       NOT_DEFINED

  83.       -----END EC PRIVATE KEY-----

  84.     public_key: |

  85.       ecdsa-sha2-nistp256 NOT_DEFINED

  86. 

  87.   generate_rsa_keys: False

  88.   provide_rsa_keys: False

  89.   rsa:

  90.     private_key: |

  91.       -----BEGIN RSA PRIVATE KEY-----

  92.       NOT_DEFINED

  93.       -----END RSA PRIVATE KEY-----

  94.     public_key: |

  95.       ssh-rsa NOT_DEFINED

  96. 

  97.   generate_ed25519_keys: False

  98.   provide_ed25519_keys: False

  99.   ed25519:

  100.     private_key: |

  101.       -----BEGIN OPENSSH PRIVATE KEY-----

  102.       NOT_DEFINED

  103.       -----END OPENSSH PRIVATE KEY-----

  104.     public_key: |

  105.       ssh-ed25519 NOT_DEFINED

  106. 

  107.   known_hosts:

  108.     # The next 2 settings restrict the set of minions that will be added in

  109.     # the generated ssh_known_hosts files (the default is to match all minions)

  110.     target: '*'

  111.     expr_form: 'glob'

  112.     # Name of mining functions used to gather public keys and hostnames

  113.     # (the default values are shown here)

  114.     mine_keys_function: public_ssh_host_keys

  115.     mine_hostname_function: public_ssh_hostname

  116.     # List of DNS entries also pointing to our managed machines and that we want

  117.     # to inject in our generated ssh_known_hosts file

  118.     aliases:

  119.       - cname-to-minion.example.org

  120.       - alias.example.org

  121. 

  122. # Required for openssh.known_hosts

  123. mine_functions:

  124.   public_ssh_host_keys:

  125.     mine_function: cmd.run

  126.     cmd: cat /etc/ssh/ssh_host_*_key.pub

  127.   public_ssh_hostname:

  128.     mine_function: grains.get

  129.     key: id