From bc4f8ecaf653941b9260890c8a40f87e2e892b84 Mon Sep 17 00:00:00 2001
From: Richard Groux
Date: Wed, 9 Jul 2025 12:03:35 +0200
Subject: [PATCH 1/6] fix(map): update debian.yaml in case of debian 13 update dnsutils in case we are on debian13 the package dnsutils is deprecated and replaced by bind9-dnsutils since debian 13 (trixie)
---
 openssh/parameters/os_family/Debian.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/openssh/parameters/os_family/Debian.yaml b/openssh/parameters/os_family/Debian.yaml
index bb06132..7d64475 100644
--- a/openssh/parameters/os_family/Debian.yaml
+++ b/openssh/parameters/os_family/Debian.yaml
@@ -14,6 +14,9 @@ values:
 server: openssh-server
 client: openssh-client
 service: ssh
+ {%- if salt['config.get']('osrelease')|int > 12 %}
+ dig_pkg: bind9-dnsutils
+ {%- endif %}
 sshd_config:
 Subsystem: sftp /usr/lib/openssh/sftp-server
 ...
From 701afb45c85446114091504473305c75239a76ba Mon Sep 17 00:00:00 2001
From: Richard Groux
Date: Wed, 9 Jul 2025 12:28:06 +0200
Subject: [PATCH 2/6] fix(map): update debian.yaml make it more readable space for jinja filter
---
 openssh/parameters/os_family/Debian.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/openssh/parameters/os_family/Debian.yaml b/openssh/parameters/os_family/Debian.yaml
index 7d64475..1baabf8 100644
--- a/openssh/parameters/os_family/Debian.yaml
+++ b/openssh/parameters/os_family/Debian.yaml
@@ -14,7 +14,7 @@ values:
 server: openssh-server
 client: openssh-client
 service: ssh
- {%- if salt['config.get']('osrelease')|int > 12 %}
+ {%- if salt['config.get']('osrelease') | int > 12 %}
 dig_pkg: bind9-dnsutils
 {%- endif %}
 sshd_config:
From 072c7364e70065cf1e9ef722853be0e385929fc7 Mon Sep 17 00:00:00 2001
From: GROUX Richard
Date: Wed, 9 Jul 2025 12:55:32 +0200
Subject: [PATCH 3/6] fix(map): remove conditon about debian >12
---
 openssh/parameters/os_family/Debian.yaml | 2 --
 1 file changed, 2 deletions(-)
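Review bot: The guard `{%- if salt['config.get']('osrelease')|int > 12 %}` added by PATCH 1/6 in `openssh/parameters/os_family/Debian.yaml` tests a bare release number in a file that, going by its path, is shared by the whole Debian family, so an Ubuntu minion reporting 20, 22 or 24 would presumably also pass `> 12`, and a non-numeric `osrelease` would cast to 0 and skip the override. PATCH 3/6 of this series drops the guard and leaves `dig_pkg: bind9-dnsutils` unconditional, which sidesteps that comparison but makes the package name apply to every release the file covers; a release that does not ship `bind9-dnsutils` would then fail at package install. Whichever form is kept, I would record the reason next to the key, e.g. `# dnsutils is deprecated since Debian 13 (trixie); bind9-dnsutils replaces it`, and state the oldest supported release in the commit message. It is also worth confirming that this plain `.yaml` file is rendered through Jinja at all, since otherwise the `{%- ... %}` lines reach the YAML parser as-is. The enclosing `values:` mapping starts and ends outside the hunk.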
diff --git a/openssh/parameters/os_family/Debian.yaml b/openssh/parameters/os_family/Debian.yaml
index 1baabf8..c0e1e67 100644
--- a/openssh/parameters/os_family/Debian.yaml
+++ b/openssh/parameters/os_family/Debian.yaml
@@ -14,9 +14,7 @@ values:
 server: openssh-server
 client: openssh-client
 service: ssh
- {%- if salt['config.get']('osrelease') | int > 12 %}
 dig_pkg: bind9-dnsutils
- {%- endif %}
 sshd_config:
 Subsystem: sftp /usr/lib/openssh/sftp-server
 ...
From 8e72286a237fa5a0c51d6fa1e228733e8bbcbd21 Mon Sep 17 00:00:00 2001
From: GROUX Richard
Date: Wed, 9 Jul 2025 14:07:35 +0200
Subject: [PATCH 4/6] fix(map): change reference file
---
 test/integration/default/files/_mapdata/debian-11.yaml | 2 +-
 test/integration/default/files/_mapdata/debian-12.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/integration/default/files/_mapdata/debian-11.yaml b/test/integration/default/files/_mapdata/debian-11.yaml
index 66be3f2..3ac6edd 100644
--- a/test/integration/default/files/_mapdata/debian-11.yaml
+++ b/test/integration/default/files/_mapdata/debian-11.yaml
@@ -55,7 +55,7 @@ values:
 '
 client: openssh-client
 client_version: latest
- dig_pkg: dnsutils
+ dig_pkg: bind9-dnsutils
 dsa:
 private_key: '-----BEGIN DSA PRIVATE KEY-----
diff --git a/test/integration/default/files/_mapdata/debian-12.yaml b/test/integration/default/files/_mapdata/debian-12.yaml
index 45ed93b..fc4535a 100644
--- a/test/integration/default/files/_mapdata/debian-12.yaml
+++ b/test/integration/default/files/_mapdata/debian-12.yaml
@@ -55,7 +55,7 @@ values:
 '
 client: openssh-client
 client_version: latest
- dig_pkg: dnsutils
+ dig_pkg: bind9-dnsutils
 dsa:
 private_key: '-----BEGIN DSA PRIVATE KEY-----
From 1ca0d8ee5bd8eb030c06e9da688969da2f3e212b Mon Sep 17 00:00:00 2001
From: GROUX Richard
Date: Wed, 9 Jul 2025 14:51:03 +0200
Subject: [PATCH 5/6] fix(map): change reference file for ubuntu and set to bind9-dnsutils
---
 test/integration/default/files/_mapdata/ubuntu-20.yaml | 2 +-
 test/integration/default/files/_mapdata/ubuntu-22.yaml | 2 +-
 test/integration/default/files/_mapdata/ubuntu-24.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml
index 93a2a39..3746123 100644
--- a/test/integration/default/files/_mapdata/ubuntu-20.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml
@@ -55,7 +55,7 @@ values:
 '
 client: openssh-client
 client_version: latest
- dig_pkg: dnsutils
+ dig_pkg: bind9-dnsutils
 dsa:
 private_key: '-----BEGIN DSA PRIVATE KEY-----
diff --git a/test/integration/default/files/_mapdata/ubuntu-22.yaml b/test/integration/default/files/_mapdata/ubuntu-22.yaml
index 9ad78c2..92288b5 100644
--- a/test/integration/default/files/_mapdata/ubuntu-22.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-22.yaml
@@ -55,7 +55,7 @@ values:
 '
 client: openssh-client
 client_version: latest
- dig_pkg: dnsutils
+ dig_pkg: bind9-dnsutils
 dsa:
 private_key: '-----BEGIN DSA PRIVATE KEY-----
diff --git a/test/integration/default/files/_mapdata/ubuntu-24.yaml b/test/integration/default/files/_mapdata/ubuntu-24.yaml
index f8bb04f..851dc3b 100644
--- a/test/integration/default/files/_mapdata/ubuntu-24.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-24.yaml
@@ -55,7 +55,7 @@ values:
 '
 client: openssh-client
 client_version: latest
- dig_pkg: dnsutils
+ dig_pkg: bind9-dnsutils
 dsa:
 private_key: '-----BEGIN DSA PRIVATE KEY-----
From 6ed043688a73b101dae9f471f8b1290272db755d Mon Sep 17 00:00:00 2001
From: GROUX Richard
Date: Wed, 9 Jul 2025 15:00:32 +0200
Subject: [PATCH 6/6] fix(map): add mapdata for debian 13
---
 .../default/files/_mapdata/debian-13.yaml | 185 ++++++++++++++++++
 1 file changed, 185 insertions(+)
 create mode 100644 test/integration/default/files/_mapdata/debian-13.yaml
diff --git a/test/integration/default/files/_mapdata/debian-13.yaml b/test/integration/default/files/_mapdata/debian-13.yaml
new file mode 100644
index 0000000..fc4535a
--- /dev/null
+++ b/test/integration/default/files/_mapdata/debian-13.yaml
@@ -0,0 +1,185 @@ +# yamllint disable rule:indentation rule:line-length +# Debian-12 +--- +values: + map_jinja: + sources: + - Y:G@osarch + - Y:G@os_family + - Y:G@os + - Y:G@osfinger + - C:SUB@openssh:lookup + - C:SUB@openssh + - C:SUB@sshd_config:lookup + - C:SUB@sshd_config + - C:SUB@ssh_config:lookup + - C:SUB@ssh_config + - Y:G@id + openssh: + absent_dsa_keys: false + absent_ecdsa_keys: false + absent_ed25519_keys: false + absent_rsa_keys: false + auth: + joe-non-valid-ssh-key: + - comment: obsolete key - removed + enc: ssh-rsa + present: false + source: salt://ssh_keys/joe.no-valid.pub + user: joe + joe-valid-ssh-key-desktop: + - comment: main key - desktop + enc: ssh-rsa + present: true + source: salt://ssh_keys/joe.desktop.pub + user: joe + joe-valid-ssh-key-notebook: + - comment: main key - notebook + enc: ssh-rsa + present: true + source: salt://ssh_keys/joe.netbook.pub + user: joe + auth_map: + personal_keys: + source: salt://ssh_keys + users: + joe: + joe.desktop: {} + joe.netbook: + options: [] + joe.no-valid: + present: false + banner: /etc/ssh/banner + banner_src: banner + banner_string: 'Welcome to example.net! 
+ ' + client: openssh-client + client_version: latest + dig_pkg: bind9-dnsutils + dsa: + private_key: '-----BEGIN DSA PRIVATE KEY----- + + NOT_DEFINED + + -----END DSA PRIVATE KEY----- + ' + public_key: 'ssh-dss NOT_DEFINED + ' + ecdsa: + private_key: '-----BEGIN EC PRIVATE KEY----- + + NOT_DEFINED + + -----END EC PRIVATE KEY----- + ' + public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED + ' + ed25519: + private_key: '-----BEGIN OPENSSH PRIVATE KEY----- + + NOT_DEFINED + + -----END OPENSSH PRIVATE KEY----- + ' + public_key: 'ssh-ed25519 NOT_DEFINED + ' + enforce_rsa_size: false + generate_dsa_keys: false + generate_ecdsa_keys: false + generate_ed25519_keys: false + generate_rsa_keys: false + generate_rsa_size: 4096 + host_key_algos: ecdsa,ed25519,rsa + known_hosts: + aliases: + - cname-to-minion.example.org + - alias.example.org + hostnames: false + include_localhost: false + mine_hostname_function: public_ssh_hostname + mine_keys_function: public_ssh_host_keys + omit_ip_address: + - github.com + salt_ssh: + public_ssh_host_keys: + minion.id: 'ssh-rsa [...] + + ssh-ed25519 [...] + ' + public_ssh_host_names: + minion.id: + - minion.id + - alias.of.minion.id + user: salt-master + static: + github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] + gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
+ target: '*' + tgt_type: glob + moduli: '# Time Type Tests Tries Size Generator Modulus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provide_dsa_keys: false + provide_ecdsa_keys: false + provide_ed25519_keys: false + provide_rsa_keys: false + root_group: root + rsa: + private_key: '-----BEGIN RSA PRIVATE KEY----- + + NOT_DEFINED + + -----END RSA PRIVATE KEY----- + ' + public_key: 'ssh-rsa NOT_DEFINED + ' + server: openssh-server + server_version: latest + service: ssh + ssh_config: /etc/ssh/ssh_config + ssh_config_backup: true + ssh_config_group: root + ssh_config_mode: '644' + ssh_config_src: ssh_config + ssh_config_user: root + ssh_known_hosts: /etc/ssh/ssh_known_hosts + ssh_known_hosts_src: ssh_known_hosts + ssh_moduli: /etc/ssh/moduli + sshd_binary: /usr/sbin/sshd + sshd_config: /etc/ssh/sshd_config + sshd_config_backup: true + sshd_config_group: root + sshd_config_mode: '644' + sshd_config_src: sshd_config + sshd_config_user: root + sshd_enable: true + tofs: + source_files: + manage ssh_known_hosts file: + - alt_ssh_known_hosts + ssh_config: + - alt_ssh_config + sshd_banner: + - fire_banner + sshd_config: + - alt_sshd_config + ssh_config: + Hosts: + '*': + GSSAPIAuthentication: 'yes' + HashKnownHosts: 'yes' + SendEnv: LANG LC_* + sshd_config: + AcceptEnv: LANG LC_* + ChallengeResponseAuthentication: 'no' + PrintMotd: 'no' + Subsystem: sftp /usr/lib/openssh/sftp-server + UsePAM: 'yes' + X11Forwarding: 'yes'
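Review bot: The header comment at the top of the new `debian-13.yaml` still reads `# Debian-12`; the `index 0000000..fc4535a` line shows the file is the same blob that PATCH 4/6 produced for `debian-12.yaml`, so it looks like a straight copy. Change that second line to `# Debian-13` so the reference file names the platform it is compared against. If these `_mapdata` files are meant to be generated from a real run rather than copied, regenerating on a Debian 13 minion would also confirm that no other value differs; that is an assumption about the workflow, not something the patch shows.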