Merge pull request #217 from dafyddj/chore/copier

chore: apply template `copier-ssf-ci` at v1.7.0
2026-05-06 13:09:28 +02:00 · 2025-06-09 13:50:06 +01:00 · 2025-06-09 13:50:06 +01:00 · 30efbea8b9
commit 30efbea8b9
parent 83962eb3b4 f214ad03aa
26 changed files with 2596 additions and 720 deletions
--- a/.copier-answers.ssf-ci.yml
+++ b/.copier-answers.ssf-ci.yml
@ -0,0 +1,19 @@
+# Changes here will be overwritten by Copier; NEVER EDIT MANUALLY
+_commit: v1.7.0
+_src_path: https://github.com/dafyddj/copier-ssf-ci
+failure_permitted_pattern: (?x)(-master$|^fedora-41-|^amazonlinux-2-)
+formula_name: openssh
+renovate_extend_presets:
+- github>saltstack-formulas/.github
+- github>saltstack-formulas/.github:copier
+renovate_ignore_presets: []
+supported_oses:
+- AlmaLinux OS
+- Amazon Linux
+- CentOS
+- Debian
+- Fedora Linux
+- openSUSE
+- Oracle Linux
+- Rocky Linux
+- Ubuntu
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@ -0,0 +1,11 @@
+{
+$schema: 'https://docs.renovatebot.com/renovate-schema.json',
+extends: [
+  "github>saltstack-formulas/.github",
+  "github>saltstack-formulas/.github:copier"
+],
+/**********************************************************
+ * This file is managed as part of a Copier template.     *
+ * Please make your own changes below this comment.       *
+ *********************************************************/
+}
--- a/.github/settings.yml
+++ b/.github/settings.yml
@ -0,0 +1,8 @@
+---
+# These settings are synced to GitHub by https://probot.github.io/apps/settings/
+
+repository:
+  # See https://docs.github.com/en/rest/reference/repos#update-a-repository
+  # for all available settings
+
+  allow_squash_merge: false
--- a/.github/workflows/kitchen.vagrant.yml
+++ b/.github/workflows/kitchen.vagrant.yml
@ -1,37 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: ft=yaml
---
-name: 'Kitchen Vagrant (FreeBSD & OpenBSD)'
-'on': ['push', 'pull_request']
-
-env:
-  KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'
-
-jobs:
-  test:
-    runs-on: 'macos-10.15'
-    strategy:
-      fail-fast: false
-      matrix:
-        instance:
-          - default-freebsd-130-master-py3
-          - default-freebsd-123-master-py3
-          # - default-freebsd-130-3004-0-py3
-          # - default-freebsd-123-3004-0-py3
-          - default-openbsd-70-3003-3-py3
-    steps:
-      - name: 'Check out code'
-        uses: 'actions/checkout@v2'
-      - name: 'Set up Bundler cache'
-        uses: 'actions/cache@v1'
-        with:
-          path: 'vendor/bundle'
-          key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
-          restore-keys: "${{ runner.os }}-gems-"
-      - name: 'Run Bundler'
-        run: |
-          ruby --version
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-      - name: 'Run Test Kitchen'
-        run: 'bundle exec kitchen verify ${{ matrix.instance }}'
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -0,0 +1,60 @@
+---
+# yamllint disable rule:comments
+name: Test & release
+
+'on':
+  - pull_request
+  - push
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != format('refs/heads/{0}',
+                          github.event.repository.default_branch) }}
+
+jobs:
+  should-run:
+    name: Prep / Should run
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      should-run: ${{ steps.action.outputs.should-run }}
+    steps:
+      - id: action
+        uses:
+          # yamllint disable-line rule:line-length
+          techneg-it/should-workflow-run@dcbb88600d59ec2842778ef1e2d41f680f876329 # v1.0.0
+  pre-commit:
+    name: Lint / `pre-commit`
+    needs: should-run
+    if: fromJSON(needs.should-run.outputs.should-run)
+    container: techneg/ci-pre-commit:v2.3.3
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Export `CI_CACHE_ID` from container
+        run: echo "CI_CACHE_ID=$(cat /.ci_cache_id)" >> $GITHUB_ENV
+      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        with:
+          path: ~/.cache/pre-commit
+          key: "${{ env.CI_CACHE_ID }}|\
+                ${{ hashFiles('.pre-commit-config.yaml') }}"
+      - name: Run `pre-commit`
+        run: |
+          git config --global --add safe.directory $(pwd)
+          pre-commit run --all-files --color always --verbose
+          pre-commit run --color always --hook-stage manual commitlint-ci
+  results:
+    name: Release / Collect results
+    permissions:
+      checks: read
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      # yamllint disable-line rule:line-length
+      - uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0
+        with:
+          ignore: Release / Collect results
+          ignore_pattern: ^GitLab CI
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - run: echo "::notice ::Workflow success!"
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -9,47 +9,82 @@
  only_branch_master_parent_repo: &only_branch_master_parent_repo
    - 'master@saltstack-formulas/openssh-formula'
  # `stage`
+  stage_cache: &stage_cache 'cache'
  stage_lint: &stage_lint 'lint'
  stage_release: &stage_release 'release'
  stage_test: &stage_test 'test'
  # `image`
-  image_commitlint: &image_commitlint 'myii/ssf-commitlint:11'
-  image_dindruby: &image_dindruby 'myii/ssf-dind-ruby:2.7.1-r3'
-  image_precommit: &image_precommit
-    name: 'myii/ssf-pre-commit:2.9.2'
-    entrypoint: ['/bin/bash', '-c']
-  image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest'
-  image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14'
+  # yamllint disable rule:line-length
+  image_commitlint: &image_commitlint 'techneg/ci-commitlint:v1.1.90@sha256:8334132f86e7241ed7eb5ac6469aa1a44c68f2b0923349209e7a7f403de18c97'
+  image_dindruby: &image_dindruby 'techneg/ci-docker-python-ruby:v2.2.59@sha256:df2308e9c162f73c2094a913dcd29baccb07e3fd677418a74437e7780a7bcd1b'
+  image_dindrubybionic: &image_dindrubybionic 'techneg/ci-docker-python-ruby:v2.2.59@sha256:df2308e9c162f73c2094a913dcd29baccb07e3fd677418a74437e7780a7bcd1b'
+  image_precommit: &image_precommit 'techneg/ci-pre-commit:v2.4.24@sha256:0508ba9bb36bbfe9c12da5745cfb85159cdfbf8453c64fb63c9ca4d6e6cca679'
+  image_rubocop: &image_rubocop 'pipelinecomponents/rubocop:latest@sha256:fe69f9642c7edde46bbd78326d2c42c6e13fc73694efb142e92e206725479328'
+  image_semantic-release: &image_semanticrelease 'myii/ssf-semantic-release:15.14@sha256:374f588420087517a3cc0235e11293bffd72d7a59da3d98d5e69f014ff2a7761'
  # `services`
  services_docker_dind: &services_docker_dind
-    - 'docker:dind'
+    - 'docker:28.2.2-dind@sha256:bbc590727c1e4fe707877314ff4f0f977bdda2985c485f2b044db0e18979efb3'
+  # yamllint enable rule:line-length
  # `variables`
  # https://forum.gitlab.com/t/gitlab-com-ci-caching-rubygems/5627/3
-  # https://bundler.io/v1.16/bundle_config.html
+  # https://bundler.io/v2.3/man/bundle-config.1.html
  variables_bundler: &variables_bundler
-    BUNDLE_CACHE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
-    BUNDLE_WITHOUT: 'production'
-  # `cache`
+    BUNDLE_PATH: '${CI_PROJECT_DIR}/.cache/bundler'
+    BUNDLE_DEPLOYMENT: 'true'
+  bundle_install: &bundle_install
+    - 'bundle version'
+    - 'bundle config list'
+    # `--no-cache` means don't bother caching the downloaded .gem files
+    - 'time bundle install --no-cache'
  cache_bundler: &cache_bundler
-    key: '${CI_JOB_STAGE}'
+    key:
+      files:
+        - 'Gemfile.lock'
+      prefix: 'bundler'
    paths:
-      - '${BUNDLE_CACHE_PATH}'
+      - '${BUNDLE_PATH}'
+  # https://pre-commit.com/#gitlab-ci-example
+  variables_pre-commit: &variables_pre-commit
+    PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
+  cache_pre-commit: &cache_pre-commit
+    key:
+      files:
+        - '.pre-commit-config.yaml'
+      prefix: 'pre-commit'
+    paths:
+      - '${PRE_COMMIT_HOME}'

 ###############################################################################
 # Define stages and global variables
 ###############################################################################
 stages:
+  - *stage_cache
  - *stage_lint
  - *stage_test
  - *stage_release
 variables:
  DOCKER_DRIVER: 'overlay2'

+
+###############################################################################
+# `cache` stage: build up the bundler cache required before the `test` stage
+###############################################################################
+build-cache:
+  stage: *stage_cache
+  image: *image_dindruby
+  variables: *variables_bundler
+  cache: *cache_bundler
+  script: *bundle_install
+
 ###############################################################################
 # `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
 ###############################################################################
-commitlint:
+.lint_job:
  stage: *stage_lint
+  needs: []
+
+commitlint:
+  extends: '.lint_job'
  image: *image_commitlint
  script:
    # Add `upstream` remote to get access to `upstream/master`
@ -74,17 +109,14 @@ commitlint:
                  --verbose'

 pre-commit:
-  stage: *stage_lint
+  extends: '.lint_job'
  image: *image_precommit
  # https://pre-commit.com/#gitlab-ci-example
-  variables:
-    PRE_COMMIT_HOME: '${CI_PROJECT_DIR}/.cache/pre-commit'
-  cache:
-    key: '${CI_JOB_NAME}'
-    paths:
-      - '${PRE_COMMIT_HOME}'
+  variables: *variables_pre-commit
+  cache: *cache_pre-commit
  script:
    - 'pre-commit run --all-files --color always --verbose'
+    - 'pre-commit run --color always --hook-stage manual commitlint-ci'

 # Use a separate job for `rubocop` other than the one potentially run by `pre-commit`
 # - The `pre-commit` check will only be available for formulas that pass the default
@ -93,8 +125,8 @@ pre-commit:
 # - Furthermore, this job uses all of the latest `rubocop` features & cops,
 #   which will help when upgrading the `rubocop` linter used in `pre-commit`
 rubocop:
+  extends: '.lint_job'
  allow_failure: true
-  stage: *stage_lint
  image: *image_rubocop
  script:
    - 'rubocop -d -P -S --enable-pending-cops'
@ -107,12 +139,10 @@ rubocop:
  image: *image_dindruby
  services: *services_docker_dind
  variables: *variables_bundler
-  cache: *cache_bundler
-  before_script:
-    # TODO: This should work from the env vars above automatically
-    - 'bundle config set path "${BUNDLE_CACHE_PATH}"'
-    - 'bundle config set without "${BUNDLE_WITHOUT}"'
-    - 'bundle install'
+  cache:
+    <<: *cache_bundler
+    policy: 'pull'
+  before_script: *bundle_install
  script:
    # Alternative value to consider: `${CI_JOB_NAME}`
    - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
@ -131,69 +161,68 @@ rubocop:
 # Make sure the instances listed below match up with
 # the `platforms` defined in `kitchen.yml`
 # yamllint disable rule:line-length
-# default-debian-11-tiamat-py3: {extends: '.test_instance'}
-# default-debian-10-tiamat-py3: {extends: '.test_instance'}
-# default-debian-9-tiamat-py3: {extends: '.test_instance'}
-# default-ubuntu-2204-tiamat-py3: {extends: '.test_instance_failure_permitted'}
-# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
-# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
-# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-7-tiamat-py3: {extends: '.test_instance'}
-# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
-# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
-# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
-# default-almalinux-8-tiamat-py3: {extends: '.test_instance'}
-# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
-default-debian-11-master-py3: {extends: '.test_instance'}
-default-debian-10-master-py3: {extends: '.test_instance'}
-default-debian-9-master-py3: {extends: '.test_instance'}
-default-ubuntu-2204-master-py3: {extends: '.test_instance_failure_permitted'}
-default-ubuntu-2004-master-py3: {extends: '.test_instance'}
-default-ubuntu-1804-master-py3: {extends: '.test_instance'}
-default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
-default-centos-7-master-py3: {extends: '.test_instance'}
-default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
-default-fedora-35-master-py3: {extends: '.test_instance'}
-default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
-default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
-default-amazonlinux-2-master-py3: {extends: '.test_instance'}
-default-oraclelinux-8-master-py3: {extends: '.test_instance'}
-default-oraclelinux-7-master-py3: {extends: '.test_instance'}
-default-arch-base-latest-master-py3: {extends: '.test_instance'}
-default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
-default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
-default-almalinux-8-master-py3: {extends: '.test_instance'}
-default-rockylinux-8-master-py3: {extends: '.test_instance'}
-# default-debian-11-3004-1-py3: {extends: '.test_instance'}
-# default-debian-10-3004-1-py3: {extends: '.test_instance'}
-# default-debian-9-3004-1-py3: {extends: '.test_instance'}
-# default-ubuntu-2204-3004-1-py3: {extends: '.test_instance_failure_permitted'}
-# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
-# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
-# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-7-3004-1-py3: {extends: '.test_instance'}
-# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
-# default-fedora-35-3004-1-py3: {extends: '.test_instance'}
-# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
-# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
-# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
-# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
-# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
-# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
-# default-almalinux-8-3004-1-py3: {extends: '.test_instance'}
-# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
-# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
-# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
-# default-debian-10-3003-4-py3: {extends: '.test_instance'}
-# default-debian-9-3003-4-py3: {extends: '.test_instance'}
-# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
-# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
-# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
-# default-centos-7-3003-4-py3: {extends: '.test_instance'}
-# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
-# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
-# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
-# default-almalinux-8-3003-4-py3: {extends: '.test_instance'}
+# Fedora 41+ will permit failure until this PR is merged into kitchen-docker
+# https://github.com/test-kitchen/kitchen-docker/pull/427 is merged
+# OpenSUSE master branch will fail until zypperpkg module is back in salt core
+# https://github.com/saltstack/great-module-migration/issues/14
+#
+almalinux-9-master: {extends: '.test_instance_failure_permitted'}
+almalinux-8-master: {extends: '.test_instance_failure_permitted'}
+amazonlinux-2023-master: {extends: '.test_instance_failure_permitted'}
+amazonlinux-2-master: {extends: '.test_instance_failure_permitted'}
+centos-stream9-master: {extends: '.test_instance_failure_permitted'}
+debian-12-master: {extends: '.test_instance_failure_permitted'}
+debian-11-master: {extends: '.test_instance_failure_permitted'}
+fedora-41-master: {extends: '.test_instance_failure_permitted'}
+fedora-40-master: {extends: '.test_instance_failure_permitted'}
+opensuse-leap-156-master: {extends: '.test_instance_failure_permitted'}
+opensuse-leap-155-master: {extends: '.test_instance_failure_permitted'}
+opensuse-tmbl-latest-master: {extends: '.test_instance_failure_permitted'}
+oraclelinux-9-master: {extends: '.test_instance_failure_permitted'}
+oraclelinux-8-master: {extends: '.test_instance_failure_permitted'}
+rockylinux-9-master: {extends: '.test_instance_failure_permitted'}
+rockylinux-8-master: {extends: '.test_instance_failure_permitted'}
+ubuntu-2404-master: {extends: '.test_instance_failure_permitted'}
+ubuntu-2204-master: {extends: '.test_instance_failure_permitted'}
+ubuntu-2004-master: {extends: '.test_instance_failure_permitted'}
+almalinux-9-3007-3: {extends: '.test_instance'}
+almalinux-8-3007-3: {extends: '.test_instance'}
+amazonlinux-2023-3007-3: {extends: '.test_instance'}
+amazonlinux-2-3007-3: {extends: '.test_instance_failure_permitted'}
+centos-stream9-3007-3: {extends: '.test_instance'}
+debian-12-3007-3: {extends: '.test_instance'}
+debian-11-3007-3: {extends: '.test_instance'}
+fedora-41-3007-3: {extends: '.test_instance_failure_permitted'}
+fedora-40-3007-3: {extends: '.test_instance'}
+opensuse-leap-156-3007-3: {extends: '.test_instance'}
+opensuse-leap-155-3007-3: {extends: '.test_instance'}
+opensuse-tmbl-latest-3007-3: {extends: '.test_instance'}
+oraclelinux-9-3007-3: {extends: '.test_instance'}
+oraclelinux-8-3007-3: {extends: '.test_instance'}
+rockylinux-9-3007-3: {extends: '.test_instance'}
+rockylinux-8-3007-3: {extends: '.test_instance'}
+ubuntu-2404-3007-3: {extends: '.test_instance'}
+ubuntu-2204-3007-3: {extends: '.test_instance'}
+ubuntu-2004-3007-3: {extends: '.test_instance'}
+almalinux-9-3006-11: {extends: '.test_instance'}
+almalinux-8-3006-11: {extends: '.test_instance'}
+amazonlinux-2023-3006-11: {extends: '.test_instance'}
+amazonlinux-2-3006-11: {extends: '.test_instance_failure_permitted'}
+centos-stream9-3006-11: {extends: '.test_instance'}
+debian-12-3006-11: {extends: '.test_instance'}
+debian-11-3006-11: {extends: '.test_instance'}
+fedora-41-3006-11: {extends: '.test_instance_failure_permitted'}
+fedora-40-3006-11: {extends: '.test_instance'}
+opensuse-leap-156-3006-11: {extends: '.test_instance'}
+opensuse-leap-155-3006-11: {extends: '.test_instance'}
+opensuse-tmbl-latest-3006-11: {extends: '.test_instance'}
+oraclelinux-9-3006-11: {extends: '.test_instance'}
+oraclelinux-8-3006-11: {extends: '.test_instance'}
+rockylinux-9-3006-11: {extends: '.test_instance'}
+rockylinux-8-3006-11: {extends: '.test_instance'}
+ubuntu-2404-3006-11: {extends: '.test_instance'}
+ubuntu-2204-3006-11: {extends: '.test_instance'}
+ubuntu-2004-3006-11: {extends: '.test_instance'}
 # yamllint enable rule:line-length

 ###############################################################################
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -15,28 +15,26 @@ ci:
  autoupdate_schedule: quarterly
  skip: []
  submodules: false
-default_stages: [commit]
+default_stages: [pre-commit]
 repos:
-  - repo: https://github.com/dafyddj/commitlint-pre-commit-hook
-    rev: v2.3.0
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-merge-conflict
+        name: Check for Git merge conflicts
+        args: [--assume-in-merge]
+        exclude: ^docs/AUTHORS.rst$
+  - repo: https://github.com/dafyddj/mirrors-commitlint
+    rev: v19.8.1
    hooks:
      - id: commitlint
-        name: Check commit message using commitlint
-        description: Lint commit message against @commitlint/config-conventional rules
-        stages: [commit-msg]
-        additional_dependencies: ['@commitlint/config-conventional@8.3.4']
-      - id: commitlint-travis
-        stages: [manual]
-        additional_dependencies: ['@commitlint/config-conventional@8.3.4']
-        always_run: true
+      - id: commitlint-ci
  - repo: https://github.com/rubocop-hq/rubocop
-    rev: v1.59.0
+    rev: v1.75.8
    hooks:
      - id: rubocop
        name: Check Ruby files with rubocop
        args: [--debug]
-        always_run: true
-        pass_filenames: false
  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.9.0.6
    hooks:
@ -45,13 +43,36 @@ repos:
        files: ^.*\.(sh|bash|ksh)$
        types: []
  - repo: https://github.com/adrienverge/yamllint
-    rev: v1.33.0
+    rev: v1.37.1
    hooks:
      - id: yamllint
        name: Check YAML syntax with yamllint
-        args: [--strict, '.']
-        always_run: true
-        pass_filenames: false
+        args: [--strict]
+        types: [file]
+        # Files to include
+        # 1. Obvious YAML files
+        # 2. `pillar.example` and similar files
+        # 3. SLS files under directory `test/` which are pillar files
+        # Files to exclude
+        # 1. SLS files under directory `test/` which are state files
+        # 2. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
+        # 3. YAML files heavily reliant on Jinja
+        # 4. `.copier-answers.yml` and its variants which are auto-generated
+        files: |
+          (?x)^(
+                .*\.yaml|
+                .*\.yml|
+                \.salt-lint|
+                \.yamllint|
+                .*\.example|
+                test/.*\.sls
+          )$
+        exclude: |
+          (?x)^(
+                \.copier-answers(\..+)?\.ya?ml|
+                kitchen.vagrant.yml|
+                test/.*/states/.*\.sls
+          )$
  - repo: https://github.com/warpnet/salt-lint
    rev: v0.9.2
    hooks:
@ -59,11 +80,12 @@ repos:
        name: Check Salt files using salt-lint
        files: ^.*\.(sls|jinja|j2|tmpl|tst)$
  - repo: https://github.com/rstcheck/rstcheck
-    rev: v6.2.0
+    rev: v6.2.5
    hooks:
      - id: rstcheck
        name: Check reST files using rstcheck
        exclude: 'docs/CHANGELOG.rst'
+        additional_dependencies: [sphinx==7.2.6]
  - repo: https://github.com/saltstack-formulas/mirrors-rst-lint
    rev: v1.4.0
    hooks:
@ -73,5 +95,21 @@ repos:
            (?x)^(
                docs/CHANGELOG.rst|
                docs/TOFS_pattern.rst|
+                docs/CONTRIBUTING_DOCS.rst|
+                docs/index.rst|
            )$
-        additional_dependencies: [pygments==2.9.0]
+        additional_dependencies: [pygments==2.16.1]
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 40.36.8
+    hooks:
+      - id: renovate-config-validator
+        name: Check Renovate config with renovate-config-validator
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.33.0
+    hooks:
+      - id: check-github-workflows
+        name: Check GitHub workflows with check-jsonschema
+        args: [--verbose]
+      - id: check-gitlab-ci
+        name: Check GitLab CI config with check-jsonschema
+        args: [--verbose]
--- a/.rstcheck.cfg
+++ b/.rstcheck.cfg
@ -1,4 +1,6 @@
 [rstcheck]
 report=info
 ignore_language=rst
-ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)
+# salt['config.get']('roles') is misidentified as a Markdown link.
+#   Ignore for now, but perhaps try to submit a fix upstream in rstcheck
+ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$|\(rst\) Link is formatted in Markdown style\.)
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -7,7 +7,7 @@ Layout/LineLength:
  # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
  Max: 88
 Metrics/BlockLength:
-  IgnoredMethods:
+  AllowedMethods:
    - control
    - describe
  # Increase from default of `25`
--- a/.yamllint
+++ b/.yamllint
@ -4,34 +4,6 @@
 # Extend the `default` configuration provided by `yamllint`
 extends: 'default'

-# Files to ignore completely
-# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
-# 2. All YAML files under directory `.cache/`, introduced during the CI run
-# 3. All YAML files under directory `.git/`
-# 4. All YAML files under directory `node_modules/`, introduced during the CI run
-# 5. Any SLS files under directory `test/`, which are actually state files
-# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
-# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
-ignore: |
-  .bundle/
-  .cache/
-  .git/
-  node_modules/
-  test/**/states/**/*.sls
-  .kitchen/
-  kitchen.vagrant.yml
-  test/salt/pillar/default.sls
-
-yaml-files:
-  # Default settings
-  - '*.yaml'
-  - '*.yml'
-  - .salt-lint
-  - .yamllint
-  # SaltStack Formulas additional settings
-  - '*.example'
-  - test/**/*.sls
-
 rules:
  empty-values:
    forbid-in-block-mappings: true
--- a/11
+++ b/11
@ -15,9 +15,10 @@ gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec'
 gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf'
 # rubocop:enable Layout/LineLength

-gem 'kitchen-inspec', '>= 2.5.0'
-gem 'kitchen-salt', '>= 0.7.2'
+gem 'kitchen-inspec', '2.6.2'
+gem 'kitchen-salt', '0.7.2'

-group :vagrant do
-  gem 'kitchen-vagrant'
-end
+# Avoid the error 'pkeys are immutable on OpenSSL 3.0'
+gem 'net-ssh', '>= 7.0.0'
+
+gem 'test-kitchen', '3.6.0'
--- a/Gemfile.lock
+++ b/Gemfile.lock
--- a/commitlint.config.js
+++ b/commitlint.config.js
@ -5,4 +5,10 @@ module.exports = {
        'footer-max-line-length': [2, 'always', 120],
        'header-max-length': [2, 'always', 72],
    },
+    ignores: [
+        (commit) => commit.startsWith("chore(copier):"),
+        (commit) => commit.startsWith("chore(deps):"),
+        (commit) => commit.startsWith("ci(pre-commit.ci):"),
+        (commit) => commit.startsWith("[CI merge]")
+    ],
 };
--- a/kitchen.yml
+++ b/kitchen.yml
@ -17,246 +17,243 @@ provisioner:
  salt_copy_filter:
    - .kitchen
    - .git
+  pillars_from_directories:
+    - test/salt/pillar
+
+transport:
+  # Avoid lengthy waits when a container does not launch correctly
+  max_wait_until_ready: 60

 platforms:
-  ## SALT `tiamat`
-  - name: debian-11-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:debian-11
-      run_command: /lib/systemd/systemd
-  - name: debian-10-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:debian-10
-      run_command: /lib/systemd/systemd
-  - name: debian-9-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:debian-9
-      run_command: /lib/systemd/systemd
-  - name: ubuntu-2204-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:ubuntu-22.04
-      run_command: /lib/systemd/systemd
-  - name: ubuntu-2004-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:ubuntu-20.04
-      run_command: /lib/systemd/systemd
-  - name: ubuntu-1804-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:ubuntu-18.04
-      run_command: /lib/systemd/systemd
-  - name: centos-stream8-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:centos-stream8
-  - name: centos-7-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:centos-7
-  - name: amazonlinux-2-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:amazonlinux-2
-  - name: oraclelinux-8-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:oraclelinux-8
-  - name: oraclelinux-7-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:oraclelinux-7
-  - name: almalinux-8-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:almalinux-8
-  - name: rockylinux-8-tiamat-py3
-    driver:
-      image: saltimages/salt-tiamat-py3:rockylinux-8
-
  ## SALT `master`
-  - name: debian-11-master-py3
+  - name: debian-12-master
+    driver:
+      image: saltimages/salt-master-py3:debian-12
+      run_command: /lib/systemd/systemd
+  - name: debian-11-master
    driver:
      image: saltimages/salt-master-py3:debian-11
      run_command: /lib/systemd/systemd
-  - name: debian-10-master-py3
+  - name: ubuntu-2404-master
    driver:
-      image: saltimages/salt-master-py3:debian-10
+      image: saltimages/salt-master-py3:ubuntu-24.04
      run_command: /lib/systemd/systemd
-  - name: debian-9-master-py3
-    driver:
-      image: saltimages/salt-master-py3:debian-9
-      run_command: /lib/systemd/systemd
-  - name: ubuntu-2204-master-py3
+  - name: ubuntu-2204-master
    driver:
      image: saltimages/salt-master-py3:ubuntu-22.04
      run_command: /lib/systemd/systemd
-  - name: ubuntu-2004-master-py3
+  - name: ubuntu-2004-master
    driver:
      image: saltimages/salt-master-py3:ubuntu-20.04
      run_command: /lib/systemd/systemd
-  - name: ubuntu-1804-master-py3
+  - name: centos-stream9-master
    driver:
-      image: saltimages/salt-master-py3:ubuntu-18.04
-      run_command: /lib/systemd/systemd
-  - name: centos-stream8-master-py3
+      image: saltimages/salt-master-py3:centos-stream9
+  - name: opensuse-leap-156-master
    driver:
-      image: saltimages/salt-master-py3:centos-stream8
-  - name: centos-7-master-py3
-    driver:
-      image: saltimages/salt-master-py3:centos-7
-  - name: fedora-36-master-py3
-    driver:
-      image: saltimages/salt-master-py3:fedora-36
-  - name: fedora-35-master-py3
-    driver:
-      image: saltimages/salt-master-py3:fedora-35
-  - name: opensuse-leap-153-master-py3
-    driver:
-      image: saltimages/salt-master-py3:opensuse-leap-15.3
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
+      image: saltimages/salt-master-py3:opensuse-leap-15.6
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.6`:
    # => SCP did not finish successfully (255):  (Net::SCP::Error)
    transport:
      max_ssh_sessions: 1
-  - name: opensuse-tmbl-latest-master-py3
+  - name: opensuse-leap-155-master
+    driver:
+      image: saltimages/salt-master-py3:opensuse-leap-15.5
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.5`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-tmbl-latest-master
    driver:
      image: saltimages/salt-master-py3:opensuse-tumbleweed-latest
    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
    # => SCP did not finish successfully (255):  (Net::SCP::Error)
    transport:
      max_ssh_sessions: 1
-  - name: amazonlinux-2-master-py3
+  - name: fedora-41-master
    driver:
-      image: saltimages/salt-master-py3:amazonlinux-2
-  - name: oraclelinux-8-master-py3
+      image: saltimages/salt-master-py3:fedora-41
+  - name: fedora-40-master
+    driver:
+      image: saltimages/salt-master-py3:fedora-40
+  - name: amazonlinux-2023-master
+    driver:
+      image: saltimages/salt-master-py3:amazonlinux-2023
+  - name: oraclelinux-9-master
+    driver:
+      image: saltimages/salt-master-py3:oraclelinux-9
+  - name: oraclelinux-8-master
    driver:
      image: saltimages/salt-master-py3:oraclelinux-8
-  - name: oraclelinux-7-master-py3
+  - name: almalinux-9-master
    driver:
-      image: saltimages/salt-master-py3:oraclelinux-7
-  - name: arch-base-latest-master-py3
-    driver:
-      image: saltimages/salt-master-py3:arch-base-latest
-  - name: gentoo-stage3-latest-master-py3
-    driver:
-      image: saltimages/salt-master-py3:gentoo-stage3-latest
-      run_command: /sbin/init
-  - name: gentoo-stage3-systemd-master-py3
-    driver:
-      image: saltimages/salt-master-py3:gentoo-stage3-systemd
-  - name: almalinux-8-master-py3
+      image: saltimages/salt-master-py3:almalinux-9
+  - name: almalinux-8-master
    driver:
      image: saltimages/salt-master-py3:almalinux-8
-  - name: rockylinux-8-master-py3
+  - name: rockylinux-9-master
+    driver:
+      image: saltimages/salt-master-py3:rockylinux-9
+  - name: rockylinux-8-master
    driver:
      image: saltimages/salt-master-py3:rockylinux-8

-  ## SALT `3004.1`
-  - name: debian-11-3004-1-py3
+  ## SALT `3007.3`
+  - name: debian-12-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:debian-11
+      image: saltimages/salt-3007.3-py3:debian-12
      run_command: /lib/systemd/systemd
-  - name: debian-10-3004-1-py3
+  - name: debian-11-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:debian-10
+      image: saltimages/salt-3007.3-py3:debian-11
      run_command: /lib/systemd/systemd
-  - name: debian-9-3004-1-py3
+  - name: ubuntu-2404-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:debian-9
+      image: saltimages/salt-3007.3-py3:ubuntu-24.04
      run_command: /lib/systemd/systemd
-  - name: ubuntu-2204-3004-1-py3
+  - name: ubuntu-2204-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:ubuntu-22.04
+      image: saltimages/salt-3007.3-py3:ubuntu-22.04
      run_command: /lib/systemd/systemd
-  - name: ubuntu-2004-3004-1-py3
+  - name: ubuntu-2004-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:ubuntu-20.04
+      image: saltimages/salt-3007.3-py3:ubuntu-20.04
      run_command: /lib/systemd/systemd
-  - name: ubuntu-1804-3004-1-py3
+  - name: centos-stream9-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:ubuntu-18.04
-      run_command: /lib/systemd/systemd
-  - name: centos-stream8-3004-1-py3
+      image: saltimages/salt-3007.3-py3:centos-stream9
+  - name: opensuse-leap-155-3007-3
    driver:
-      image: saltimages/salt-3004.1-py3:centos-stream8
-  - name: centos-7-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:centos-7
-  - name: fedora-36-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:fedora-36
-  - name: fedora-35-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:fedora-35
-  - name: amazonlinux-2-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:amazonlinux-2
-  - name: oraclelinux-8-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:oraclelinux-8
-  - name: oraclelinux-7-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:oraclelinux-7
-  - name: arch-base-latest-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:arch-base-latest
-  - name: gentoo-stage3-latest-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:gentoo-stage3-latest
-      run_command: /sbin/init
-  - name: gentoo-stage3-systemd-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd
-  - name: almalinux-8-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:almalinux-8
-  - name: rockylinux-8-3004-1-py3
-    driver:
-      image: saltimages/salt-3004.1-py3:rockylinux-8
-
-  ## SALT `3004.0`
-  - name: opensuse-leap-153-3004-0-py3
-    driver:
-      image: saltimages/salt-3004.0-py3:opensuse-leap-15.3
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
+      image: saltimages/salt-3007.3-py3:opensuse-leap-15.5
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.5`:
    # => SCP did not finish successfully (255):  (Net::SCP::Error)
    transport:
      max_ssh_sessions: 1
-  - name: opensuse-tmbl-latest-3004-0-py3
+  - name: opensuse-leap-156-3007-3
    driver:
-      image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest
+      image: saltimages/salt-3007.3-py3:opensuse-leap-15.6
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.6`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-tmbl-latest-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:opensuse-tumbleweed-latest
    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
    # => SCP did not finish successfully (255):  (Net::SCP::Error)
    transport:
      max_ssh_sessions: 1
+  - name: fedora-41-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:fedora-41
+  - name: fedora-40-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:fedora-40
+  - name: amazonlinux-2023-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:amazonlinux-2023
+  - name: amazonlinux-2-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:amazonlinux-2
+  - name: oraclelinux-9-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:oraclelinux-9
+  - name: oraclelinux-8-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:oraclelinux-8
+  - name: almalinux-9-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:almalinux-9
+  - name: almalinux-8-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:almalinux-8
+  - name: rockylinux-9-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:rockylinux-9
+  - name: rockylinux-8-3007-3
+    driver:
+      image: saltimages/salt-3007.3-py3:rockylinux-8

-  ## SALT `3003.4`
-  - name: debian-10-3003-4-py3
+  ## SALT `3006.11`
+  - name: debian-12-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:debian-10
+      image: saltimages/salt-3006.11-py3:debian-12
      run_command: /lib/systemd/systemd
-  - name: debian-9-3003-4-py3
+  - name: debian-11-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:debian-9
+      image: saltimages/salt-3006.11-py3:debian-11
      run_command: /lib/systemd/systemd
-  - name: ubuntu-2004-3003-4-py3
+  - name: ubuntu-2404-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:ubuntu-20.04
+      image: saltimages/salt-3006.11-py3:ubuntu-24.04
      run_command: /lib/systemd/systemd
-  - name: ubuntu-1804-3003-4-py3
+  - name: ubuntu-2204-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:ubuntu-18.04
+      image: saltimages/salt-3006.11-py3:ubuntu-22.04
      run_command: /lib/systemd/systemd
-  - name: centos-stream8-3003-4-py3
+  - name: ubuntu-2004-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:centos-stream8
-  - name: centos-7-3003-4-py3
+      image: saltimages/salt-3006.11-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream9-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:centos-7
-  - name: amazonlinux-2-3003-4-py3
+      image: saltimages/salt-3006.11-py3:centos-stream9
+  - name: opensuse-tmbl-latest-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:amazonlinux-2
-  - name: oraclelinux-8-3003-4-py3
+      image: saltimages/salt-3006.11-py3:opensuse-tumbleweed-latest
+    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-leap-156-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:oraclelinux-8
-  - name: oraclelinux-7-3003-4-py3
+      image: saltimages/salt-3006.11-py3:opensuse-leap-15.6
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.6`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-leap-155-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:oraclelinux-7
-  - name: almalinux-8-3003-4-py3
+      image: saltimages/salt-3006.11-py3:opensuse-leap-15.5
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.5`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: fedora-41-3006-11
    driver:
-      image: saltimages/salt-3003.4-py3:almalinux-8
+      image: saltimages/salt-3006.11-py3:fedora-41
+  - name: fedora-40-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:fedora-40
+  - name: amazonlinux-2023-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:amazonlinux-2023
+  - name: amazonlinux-2-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:amazonlinux-2
+  - name: oraclelinux-9-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:oraclelinux-9
+  - name: oraclelinux-8-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:oraclelinux-8
+  - name: almalinux-9-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:almalinux-9
+  - name: almalinux-8-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:almalinux-8
+  - name: rockylinux-9-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:rockylinux-9
+  - name: rockylinux-8-3006-11
+    driver:
+      image: saltimages/salt-3006.11-py3:rockylinux-8
+
+##########################################################
+# This file is managed as part of a Copier template.     #
+# Please make your own changes below this comment.       #
+##########################################################

 verifier:
  # https://www.inspec.io/
--- a/test/integration/default/files/_mapdata/almalinux-9.yaml
+++ b/test/integration/default/files/_mapdata/almalinux-9.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-9
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/amazonlinux-2023.yaml
+++ b/test/integration/default/files/_mapdata/amazonlinux-2023.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Amazon Linux-2023
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/centos-9.yaml
+++ b/test/integration/default/files/_mapdata/centos-9.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# CentOS Linux-9
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/debian-12.yaml
+++ b/test/integration/default/files/_mapdata/debian-12.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Debian-12
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: ssh
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/fedora-40.yaml
+++ b/test/integration/default/files/_mapdata/fedora-40.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-40
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/fedora-41.yaml
+++ b/test/integration/default/files/_mapdata/fedora-41.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-41
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
+++ b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
@ -180,7 +180,6 @@ values:
    AcceptEnv: LANG LC_*
    ChallengeResponseAuthentication: 'no'
    PrintMotd: 'no'
-    PubkeyAcceptedAlgorithms: "+ssh-rsa"
    Subsystem: sftp /usr/lib/openssh/sftp-server
    UsePAM: 'yes'
    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/oraclelinux-9.yaml
+++ b/test/integration/default/files/_mapdata/oraclelinux-9.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-9
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/rockylinux-9.yaml
+++ b/test/integration/default/files/_mapdata/rockylinux-9.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Rocky Linux-9
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-clients
+    client_version: latest
+    dig_pkg: bind-utils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: sshd
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/ubuntu-22.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-22.yaml
@ -180,7 +180,6 @@ values:
    AcceptEnv: LANG LC_*
    ChallengeResponseAuthentication: 'no'
    PrintMotd: 'no'
-    PubkeyAcceptedAlgorithms: "+ssh-rsa"
    Subsystem: sftp /usr/lib/openssh/sftp-server
    UsePAM: 'yes'
    X11Forwarding: 'yes'
--- a/test/integration/default/files/_mapdata/ubuntu-24.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-24.yaml
@ -0,0 +1,185 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-24.04
+---
+values:
+  map_jinja:
+    sources:
+    - Y:G@osarch
+    - Y:G@os_family
+    - Y:G@os
+    - Y:G@osfinger
+    - C:SUB@openssh:lookup
+    - C:SUB@openssh
+    - C:SUB@sshd_config:lookup
+    - C:SUB@sshd_config
+    - C:SUB@ssh_config:lookup
+    - C:SUB@ssh_config
+    - Y:G@id
+  openssh:
+    absent_dsa_keys: false
+    absent_ecdsa_keys: false
+    absent_ed25519_keys: false
+    absent_rsa_keys: false
+    auth:
+      joe-non-valid-ssh-key:
+      - comment: obsolete key - removed
+        enc: ssh-rsa
+        present: false
+        source: salt://ssh_keys/joe.no-valid.pub
+        user: joe
+      joe-valid-ssh-key-desktop:
+      - comment: main key - desktop
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.desktop.pub
+        user: joe
+      joe-valid-ssh-key-notebook:
+      - comment: main key - notebook
+        enc: ssh-rsa
+        present: true
+        source: salt://ssh_keys/joe.netbook.pub
+        user: joe
+    auth_map:
+      personal_keys:
+        source: salt://ssh_keys
+        users:
+          joe:
+            joe.desktop: {}
+            joe.netbook:
+              options: []
+            joe.no-valid:
+              present: false
+    banner: /etc/ssh/banner
+    banner_src: banner
+    banner_string: 'Welcome to example.net!
+  '
+    client: openssh-client
+    client_version: latest
+    dig_pkg: dnsutils
+    dsa:
+      private_key: '-----BEGIN DSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END DSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-dss NOT_DEFINED
+  '
+    ecdsa:
+      private_key: '-----BEGIN EC PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END EC PRIVATE KEY-----
+  '
+      public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
+  '
+    ed25519:
+      private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END OPENSSH PRIVATE KEY-----
+  '
+      public_key: 'ssh-ed25519 NOT_DEFINED
+  '
+    enforce_rsa_size: false
+    generate_dsa_keys: false
+    generate_ecdsa_keys: false
+    generate_ed25519_keys: false
+    generate_rsa_keys: false
+    generate_rsa_size: 4096
+    host_key_algos: ecdsa,ed25519,rsa
+    known_hosts:
+      aliases:
+      - cname-to-minion.example.org
+      - alias.example.org
+      hostnames: false
+      include_localhost: false
+      mine_hostname_function: public_ssh_hostname
+      mine_keys_function: public_ssh_host_keys
+      omit_ip_address:
+      - github.com
+      salt_ssh:
+        public_ssh_host_keys:
+          minion.id: 'ssh-rsa [...]
+
+            ssh-ed25519 [...]
+  '
+        public_ssh_host_names:
+          minion.id:
+          - minion.id
+          - alias.of.minion.id
+        user: salt-master
+      static:
+        github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
+        gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
+      target: '*'
+      tgt_type: glob
+    moduli: '# Time Type Tests Tries Size Generator Modulus
+
+      20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
+
+      20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
+
+      20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
+
+      20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
+  '
+    provide_dsa_keys: false
+    provide_ecdsa_keys: false
+    provide_ed25519_keys: false
+    provide_rsa_keys: false
+    root_group: root
+    rsa:
+      private_key: '-----BEGIN RSA PRIVATE KEY-----
+
+        NOT_DEFINED
+
+        -----END RSA PRIVATE KEY-----
+  '
+      public_key: 'ssh-rsa NOT_DEFINED
+  '
+    server: openssh-server
+    server_version: latest
+    service: ssh
+    ssh_config: /etc/ssh/ssh_config
+    ssh_config_backup: true
+    ssh_config_group: root
+    ssh_config_mode: '644'
+    ssh_config_src: ssh_config
+    ssh_config_user: root
+    ssh_known_hosts: /etc/ssh/ssh_known_hosts
+    ssh_known_hosts_src: ssh_known_hosts
+    ssh_moduli: /etc/ssh/moduli
+    sshd_binary: /usr/sbin/sshd
+    sshd_config: /etc/ssh/sshd_config
+    sshd_config_backup: true
+    sshd_config_group: root
+    sshd_config_mode: '644'
+    sshd_config_src: sshd_config
+    sshd_config_user: root
+    sshd_enable: true
+    tofs:
+      source_files:
+        manage ssh_known_hosts file:
+        - alt_ssh_known_hosts
+        ssh_config:
+        - alt_ssh_config
+        sshd_banner:
+        - fire_banner
+        sshd_config:
+        - alt_sshd_config
+  ssh_config:
+    Hosts:
+      '*':
+        GSSAPIAuthentication: 'yes'
+        HashKnownHosts: 'yes'
+        SendEnv: LANG LC_*
+  sshd_config:
+    AcceptEnv: LANG LC_*
+    ChallengeResponseAuthentication: 'no'
+    PrintMotd: 'no'
+    Subsystem: sftp /usr/lib/openssh/sftp-server
+    UsePAM: 'yes'
+    X11Forwarding: 'yes'
--- a/test/salt/pillar/default.sls
+++ b/test/salt/pillar/default.sls
@ -22,16 +22,17 @@ sshd_config:
  PrintMotd: 'no'
  AcceptEnv: "LANG LC_*"
  Subsystem: "sftp /usr/lib/openssh/sftp-server"
-  {%- if grains.os != "OpenBSD" %}
+  # {%- if grains.os != "OpenBSD" %}
  UsePAM: 'yes'
-  {%- endif %}
-  {#- Need this on various platforms to avoid the `kitchen verify` failure as mentioned above; see: #}
-  {#- * https://gitlab.com/saltstack-formulas/infrastructure/salt-image-builder/-/commit/cb6781a2bba9 #}
-  {%- if grains.os in ["Arch", "OpenBSD", "Gentoo"]
-      or grains.get("oscodename", "") in ["openSUSE Tumbleweed"]
-      or grains.get("osfinger", "") in ["Fedora Linux-36", "Ubuntu-22.04"] %}
+  # {%- endif %}
+  # Need this on various platforms to avoid the `kitchen verify` failure as
+  # mentioned above; see:
+  # yamllint disable rule:line-length
+  # * https://gitlab.com/saltstack-formulas/infrastructure/salt-image-builder/-/commit/cb6781a2bba9 #}
+  # {%- if false %}
+  # yamllint enable rule:line-length
  PubkeyAcceptedAlgorithms: "+ssh-rsa"
-  {%- endif %}
+  # {%- endif %}

 ssh_config:
  Hosts: