Philippe Grégoire
7cfc9f5a04
Hint at Host
support for ssh_config
( #133 )
...
The `ssh_config` state supports generating `Host` sections, but it is
buried in the source. By default, options are simply dumped in the
configuration file; without any `Host` directive.
This patch hints (and, actually, encourages) users to use `Host`
sections by updating the pillar example to use the `Hosts` directive
with the `*` pattern.
2018-08-24 12:14:26 +02:00
alxwr
aa3da8f2c2
Pillar openssh.known_hosts_salt_ssh ( #128 )
...
* Pillar openssh.known_hosts_salt_ssh
* Dropped ill-named file
* Fixed aliasing of host names
* Improved pillar.example
* Opt-in to include localhost
* pillar/known_hosts_salt_ssh: clear cache in run()
* Dropped forgotten debugging output
2018-06-01 14:11:52 +02:00
Florian Ermisch
bf9b9a335c
Add openssh:known_hosts:static
to README and pillar.example
2018-04-26 17:12:29 +02:00
Mario Fritschen
e665450ed4
Changed expr_form to tgt_type for deprecation reasons. ( #122 )
2017-12-23 00:11:24 +01:00
alxwr
5e3368afcb
drop default values ( fixes #102 ) ( #117 )
...
* drop default values (fixes #102 )
* hmac-ripemd160 was dropped in 7.6
2017-10-23 20:18:11 +02:00
Niels Abspoel
9cdb9aaba0
improve allow_deny_users_groups
2017-08-21 23:35:04 +02:00
Alexander Weidinger
e523ae5281
Optionally add hostnames to known_hosts
2017-08-08 07:51:38 +02:00
Alexander Weidinger
a5f4a56956
UsePrivilegeSeparation 'sandbox'
...
This is was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
2017-08-01 00:02:03 +02:00
Andres Montalban
500c915c33
Allow to config banner in pillar
2017-07-27 19:55:34 -03:00
Alexander Weidinger
d37de77ba2
Copied docs from commit to pillar.example
2017-07-04 22:05:56 +02:00
alxwr
844e96b57b
Merge pull request #88 from alxwr/force_key_length
...
Opt-in to enforce RSA key length
2017-03-07 20:24:34 +01:00
Alexander Weidinger
6b23b28f52
Opt-in to enforce RSA key length
2017-03-04 14:21:58 +01:00
Alexander Weidinger
674216d0ad
openssh.auth_map
2017-03-04 14:21:53 +01:00
ek9
f192b91192
add more verbose warnings regarding ssh_config in pillar.example
2017-02-24 20:17:36 +01:00
ek9
ec796662bc
pillar.example: update with secure defaults for sshd_config and ssh_config
2017-02-19 14:44:56 +01:00
ek9
d6e48f2b43
rebase based on latest update
2017-02-07 19:45:59 +01:00
Pandu E Poluan
18e1866ac5
Update pillar.example
...
`pillar.example` now contains information on how to use the
'string-or-list' feature for some options.
Also an explanation on the new `ConfigBanner` option.
2017-01-24 01:43:04 +07:00
ek9
33344743b0
Add ability to control SSH server status (default: on)
2015-12-27 18:17:01 +01:00
Forrest
ec663a6f5e
Merge pull request #51 from mathieupotier/master
...
Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
2016-10-31 09:32:50 -07:00
Johannes Löthberg
a74d859992
Add AuthorizedKeysCommand to pillar.example
...
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-10-02 10:37:11 +02:00
Mathieu POTIER
4c814843f8
Merge remote-tracking branch 'refs/remotes/saltstack-formulas/master'
2016-08-02 09:46:08 +02:00
Pandu E Poluan
11ba2acea7
Give information on using moduli_source
...
Give additional comments to inform that moduli can also be provided via a file, using the moduli_source key.
2016-08-02 00:03:14 +07:00
Niels Abspoel
641851632f
add more authentication options
2016-05-26 21:57:02 +02:00
Matthieu DERASSE
3542a1f534
Implement Session idle time out
2016-05-25 00:06:45 +02:00
POTIER Mathieu
dda1fb5128
Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
...
Signed-off-by: POTIER Mathieu <mathieu.potier@onzeway.eu>
2015-11-17 11:09:37 +01:00
Bogdan Radulescu
13cf374efe
Added configuration options for ssh_config
...
Made a small change to reflect the default sshd_config
2015-10-01 15:21:16 +00:00
elfixit
18ba94d0fc
add options to give a key size to generate_key
2015-07-12 18:09:26 +02:00
Ingo Bente
a927107b28
Adds support to customize /etc/ssh/moduli file
2015-07-02 19:09:41 +02:00
Ingo Bente
83bb5ac5a0
adds support to harden sshd_config (KeyExchange, Ciphers, MACs)
2015-06-30 14:33:57 +02:00
Niels Abspoel
2a68ccac1a
Add option to remove ssh_host_keys
2015-06-07 20:37:33 +02:00
Niels Abspoel
3c828d9e08
Fix mine_function example in pillar.example
...
This fixes #34 , salt version 2015.5.x needs an extra argument
for shell routines.
2015-05-28 23:00:27 +02:00
朱金贺
5f65e92ebd
added the missing ":" and delete the redundant lines
2015-05-28 13:36:11 +08:00
Raphaël Hertzog
1b74efd2d0
Add a new openssh.known_hosts state
...
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
2015-03-26 17:50:32 +01:00
Bernd Schlapsi
128d4acfa2
Update pillar.example with two valid ssh-keys
2015-01-28 23:00:47 +01:00
Niels Abspoel
6e65cdad03
add DenyUsers and DenyGroups example
2015-01-17 20:04:03 +01:00
Niels Abspoel
33ee945557
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
...
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
2015-01-16 22:56:59 +01:00
Bohdan Kmit
b843d8168b
add ed25519 host key type; add AuthenticationMethods option
2015-01-16 17:21:10 +00:00
Franz Pletz
5d0f69ad2c
Cleanups for host key pillar example
2014-12-15 07:00:45 +01:00
Franz Pletz
33f21a0976
Add support for ED25519 host keys
2014-12-15 07:00:17 +01:00
Robert Fairburn
51277cc2f9
add pillar example
2014-09-19 11:42:17 -05:00
Nitin Madhok
df61e44fea
Merge pull request #17 from alanpearce/generate-keys
...
Config: Add support for generating keys
2014-08-24 10:46:53 -05:00
Alan Pearce
eb9dec1b9d
Update pillar example
2014-08-24 16:44:45 +01:00
Alan Pearce
25aa1a6733
Update pillar.example
2014-08-24 12:18:37 +01:00
Wes Turner
44946b4142
Add a UseDNS option to pillar.example
2014-07-22 00:37:41 -05:00
matthew-parlette
4b4f4b5d3d
Explicitly defined options as strings.
...
This fixes an issue where PyYAML was converting yes and no into True and False in the generated sshd_config file.
2014-04-27 14:52:58 -04:00
matthew-parlette
2f28a008c2
Cleared out static parts of config since it was causing issues
2014-04-25 16:33:07 -04:00
Seth House
351a6b81dc
Merge remote-tracking branch 'origin/pr/3'
...
Conflicts:
openssh/files/sshd_config
openssh/init.sls
pillar.example
2014-03-17 16:14:17 -06:00
Carlos Perelló Marín
e2cddca13e
Reverted the namespace change to avoid conflicts and backward incompatibilities
2014-02-09 23:42:52 +01:00
Carlos Perelló Marín
47211d0648
Added support to manage ssh certificates
2014-02-09 23:38:30 +01:00
Kenny Do
b0c7009cb2
updated sshd_config file to be populated by pillar
2014-01-09 05:03:44 -08:00