salt
/
openssh-formula
forked from ExternalMirrors/openssh-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official OpenSSH Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 Commits
1 Branch
Tree: bec4a2a77e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bec4a2a77e'
${ noResults }
openssh-formula/pillar.example

135 lines
3.5KB
Raw Blame History 

  1. sshd_config:

  2.   Port: 22

  3.   Protocol: 2

  4.   HostKey:

  5.     - /etc/ssh/ssh_host_rsa_key

  6.     - /etc/ssh/ssh_host_dsa_key

  7.     - /etc/ssh/ssh_host_ecdsa_key

  8.     - /etc/ssh/ssh_host_ed25519_key

  9.   UsePrivilegeSeparation: 'yes'

  10.   KeyRegenerationInterval: 3600

  11.   ServerKeyBits: 768

  12.   SyslogFacility: AUTH

  13.   LogLevel: INFO

  14.   LoginGraceTime: 120

  15.   PermitRootLogin: 'yes'

  16.   PasswordAuthentication: 'no'

  17.   StrictModes: 'yes'

  18.   RSAAuthentication: 'yes'

  19.   PubkeyAuthentication: 'yes'

  20.   IgnoreRhosts: 'yes'

  21.   RhostsRSAAuthentication: 'no'

  22.   HostbasedAuthentication: 'no'

  23.   PermitEmptyPasswords: 'no'

  24.   ChallengeResponseAuthentication: 'no'

  25.   AuthenticationMethods: 'publickey,keyboard-interactive'

  26.   X11Forwarding: 'yes'

  27.   X11DisplayOffset: 10

  28.   PrintMotd: 'no'

  29.   PrintLastLog: 'yes'

  30.   TCPKeepAlive: 'yes'

  31.   AcceptEnv: "LANG LC_*"

  32.   Subsystem: "sftp /usr/lib/openssh/sftp-server"

  33.   UsePAM: 'yes'

  34.   UseDNS: 'yes'

  35.   AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'

  36.   DenyUsers: 'yoda chewbaca@112.10.21.1'

  37.   AllowGroups: 'wheel staff imperial'

  38.   DenyGroups: 'rebel'

  39.   matches:

  40.     sftp_chroot:

  41.       type:

  42.         Group: sftpusers

  43.       options:

  44.         ChrootDirectory: /sftp-chroot/%u

  45.         X11Forwarding: no

  46.         AllowTcpForwarding: no

  47.         ForceCommand: internal-sftp

  48. 

  49. openssh:

  50.   auth:

  51.     joe-valid-ssh-key-desktop:

  52.       - user: joe

  53.         present: True

  54.         enc: ssh-rsa

  55.         comment: main key - desktop

  56.     joe-valid-ssh-key-notebook:

  57.       - user: joe

  58.         present: True

  59.         enc: ssh-rsa

  60.         comment: main key - notebook

  61.     joe-non-valid-ssh-key:

  62.       - user: joe

  63.         present: False

  64.         enc: ssh-rsa

  65.         comment: obsolete key - removed

  66. 

  67.   generate_dsa_keys: False

  68.   absent_dsa_keys: False

  69.   provide_dsa_keys: False

  70.   dsa:

  71.     private_key: |

  72.       -----BEGIN DSA PRIVATE KEY-----

  73.       NOT_DEFINED

  74.       -----END DSA PRIVATE KEY-----

  75.     public_key: |

  76.       ssh-dss NOT_DEFINED

  77. 

  78.   generate_ecdsa_keys: False

  79.   absent_ecdsa_keys: False

  80.   provide_ecdsa_keys: False

  81.   ecdsa:

  82.     private_key: |

  83.       -----BEGIN EC PRIVATE KEY-----

  84.       NOT_DEFINED

  85.       -----END EC PRIVATE KEY-----

  86.     public_key: |

  87.       ecdsa-sha2-nistp256 NOT_DEFINED

  88. 

  89.   generate_rsa_keys: False

  90.   absent_rsa_keys: False

  91.   provide_rsa_keys: False

  92.   rsa:

  93.     private_key: |

  94.       -----BEGIN RSA PRIVATE KEY-----

  95.       NOT_DEFINED

  96.       -----END RSA PRIVATE KEY-----

  97.     public_key: |

  98.       ssh-rsa NOT_DEFINED

  99. 

  100.   generate_ed25519_keys: False

  101.   absent_ed25519_keys: False

  102.   provide_ed25519_keys: False

  103.   ed25519:

  104.     private_key: |

  105.       -----BEGIN OPENSSH PRIVATE KEY-----

  106.       NOT_DEFINED

  107.       -----END OPENSSH PRIVATE KEY-----

  108.     public_key: |

  109.       ssh-ed25519 NOT_DEFINED

  110. 

  111.   known_hosts:

  112.     # The next 2 settings restrict the set of minions that will be added in

  113.     # the generated ssh_known_hosts files (the default is to match all minions)

  114.     target: '*'

  115.     expr_form: 'glob'

  116.     # Name of mining functions used to gather public keys and hostnames

  117.     # (the default values are shown here)

  118.     mine_keys_function: public_ssh_host_keys

  119.     mine_hostname_function: public_ssh_hostname

  120.     # List of DNS entries also pointing to our managed machines and that we want

  121.     # to inject in our generated ssh_known_hosts file

  122.     aliases:

  123.       - cname-to-minion.example.org

  124.       - alias.example.org

  125. 

  126. # Required for openssh.known_hosts

  127. mine_functions:

  128.   public_ssh_host_keys:

  129.     mine_function: cmd.run

  130.     cmd: cat /etc/ssh/ssh_host_*_key.pub

  131.     python_shell: True

  132.   public_ssh_hostname:

  133.     mine_function: grains.get

  134.     key: id