0
0
mirror of https://github.com/saltstack-formulas/openssh-formula.git synced 2024-11-28 01:18:12 +01:00
Commit Graph

52 Commits

Author SHA1 Message Date
Philippe Grégoire
7cfc9f5a04 Hint at Host support for ssh_config (#133)
The `ssh_config` state supports generating `Host` sections, but it is
buried in the source. By default, options are simply dumped in the
configuration file; without any `Host` directive.

This patch hints (and, actually, encourages) users to use `Host`
sections by updating the pillar example to use the `Hosts` directive
with the `*` pattern.
2018-08-24 12:14:26 +02:00
alxwr
aa3da8f2c2 Pillar openssh.known_hosts_salt_ssh (#128)
* Pillar openssh.known_hosts_salt_ssh

* Dropped ill-named file

* Fixed aliasing of host names

* Improved pillar.example

* Opt-in to include localhost

* pillar/known_hosts_salt_ssh: clear cache in run()

* Dropped forgotten debugging output
2018-06-01 14:11:52 +02:00
Florian Ermisch
bf9b9a335c Add openssh:known_hosts:static to README and pillar.example 2018-04-26 17:12:29 +02:00
Mario Fritschen
e665450ed4 Changed expr_form to tgt_type for deprecation reasons. (#122) 2017-12-23 00:11:24 +01:00
alxwr
5e3368afcb drop default values (fixes #102) (#117)
* drop default values (fixes #102)
* hmac-ripemd160 was dropped in 7.6
2017-10-23 20:18:11 +02:00
Niels Abspoel
9cdb9aaba0 improve allow_deny_users_groups 2017-08-21 23:35:04 +02:00
Alexander Weidinger
e523ae5281 Optionally add hostnames to known_hosts 2017-08-08 07:51:38 +02:00
Alexander Weidinger
a5f4a56956 UsePrivilegeSeparation 'sandbox'
This is was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
2017-08-01 00:02:03 +02:00
Andres Montalban
500c915c33 Allow to config banner in pillar 2017-07-27 19:55:34 -03:00
Alexander Weidinger
d37de77ba2 Copied docs from commit to pillar.example 2017-07-04 22:05:56 +02:00
alxwr
844e96b57b Merge pull request #88 from alxwr/force_key_length
Opt-in to enforce RSA key length
2017-03-07 20:24:34 +01:00
Alexander Weidinger
6b23b28f52 Opt-in to enforce RSA key length 2017-03-04 14:21:58 +01:00
Alexander Weidinger
674216d0ad openssh.auth_map 2017-03-04 14:21:53 +01:00
ek9
f192b91192 add more verbose warnings regarding ssh_config in pillar.example 2017-02-24 20:17:36 +01:00
ek9
ec796662bc pillar.example: update with secure defaults for sshd_config and ssh_config 2017-02-19 14:44:56 +01:00
ek9
d6e48f2b43 rebase based on latest update 2017-02-07 19:45:59 +01:00
Pandu E Poluan
18e1866ac5 Update pillar.example
`pillar.example` now contains information on how to use the
'string-or-list' feature for some options.

Also an explanation on the new `ConfigBanner` option.
2017-01-24 01:43:04 +07:00
ek9
33344743b0 Add ability to control SSH server status (default: on) 2015-12-27 18:17:01 +01:00
Forrest
ec663a6f5e Merge pull request #51 from mathieupotier/master
Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
2016-10-31 09:32:50 -07:00
Johannes Löthberg
a74d859992 Add AuthorizedKeysCommand to pillar.example
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-10-02 10:37:11 +02:00
Mathieu POTIER
4c814843f8 Merge remote-tracking branch 'refs/remotes/saltstack-formulas/master' 2016-08-02 09:46:08 +02:00
Pandu E Poluan
11ba2acea7 Give information on using moduli_source
Give additional comments to inform that moduli can also be provided via a file, using the moduli_source key.
2016-08-02 00:03:14 +07:00
Niels Abspoel
641851632f add more authentication options 2016-05-26 21:57:02 +02:00
Matthieu DERASSE
3542a1f534 Implement Session idle time out 2016-05-25 00:06:45 +02:00
POTIER Mathieu
dda1fb5128 Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
Signed-off-by: POTIER Mathieu <mathieu.potier@onzeway.eu>
2015-11-17 11:09:37 +01:00
Bogdan Radulescu
13cf374efe Added configuration options for ssh_config
Made a small change to reflect the default sshd_config
2015-10-01 15:21:16 +00:00
elfixit
18ba94d0fc add options to give a key size to generate_key 2015-07-12 18:09:26 +02:00
Ingo Bente
a927107b28 Adds support to customize /etc/ssh/moduli file 2015-07-02 19:09:41 +02:00
Ingo Bente
83bb5ac5a0 adds support to harden sshd_config (KeyExchange, Ciphers, MACs) 2015-06-30 14:33:57 +02:00
Niels Abspoel
2a68ccac1a Add option to remove ssh_host_keys 2015-06-07 20:37:33 +02:00
Niels Abspoel
3c828d9e08 Fix mine_function example in pillar.example
This fixes #34, salt version 2015.5.x needs an extra argument
for shell routines.
2015-05-28 23:00:27 +02:00
朱金贺
5f65e92ebd added the missing ":" and delete the redundant lines 2015-05-28 13:36:11 +08:00
Raphaël Hertzog
1b74efd2d0 Add a new openssh.known_hosts state
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
2015-03-26 17:50:32 +01:00
Bernd Schlapsi
128d4acfa2 Update pillar.example with two valid ssh-keys 2015-01-28 23:00:47 +01:00
Niels Abspoel
6e65cdad03 add DenyUsers and DenyGroups example 2015-01-17 20:04:03 +01:00
Niels Abspoel
33ee945557 Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
2015-01-16 22:56:59 +01:00
Bohdan Kmit
b843d8168b add ed25519 host key type; add AuthenticationMethods option 2015-01-16 17:21:10 +00:00
Franz Pletz
5d0f69ad2c Cleanups for host key pillar example 2014-12-15 07:00:45 +01:00
Franz Pletz
33f21a0976 Add support for ED25519 host keys 2014-12-15 07:00:17 +01:00
Robert Fairburn
51277cc2f9 add pillar example 2014-09-19 11:42:17 -05:00
Nitin Madhok
df61e44fea Merge pull request #17 from alanpearce/generate-keys
Config: Add support for generating keys
2014-08-24 10:46:53 -05:00
Alan Pearce
eb9dec1b9d Update pillar example 2014-08-24 16:44:45 +01:00
Alan Pearce
25aa1a6733 Update pillar.example 2014-08-24 12:18:37 +01:00
Wes Turner
44946b4142 Add a UseDNS option to pillar.example 2014-07-22 00:37:41 -05:00
matthew-parlette
4b4f4b5d3d Explicitly defined options as strings.
This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
2014-04-27 14:52:58 -04:00
matthew-parlette
2f28a008c2 Cleared out static parts of config since it was causing issues 2014-04-25 16:33:07 -04:00
Seth House
351a6b81dc Merge remote-tracking branch 'origin/pr/3'
Conflicts:
	openssh/files/sshd_config
	openssh/init.sls
	pillar.example
2014-03-17 16:14:17 -06:00
Carlos Perelló Marín
e2cddca13e Reverted the namespace change to avoid conflicts and backward incompatibilities 2014-02-09 23:42:52 +01:00
Carlos Perelló Marín
47211d0648 Added support to manage ssh certificates 2014-02-09 23:38:30 +01:00
Kenny Do
b0c7009cb2 updated sshd_config file to be populated by pillar 2014-01-09 05:03:44 -08:00