59 Commits

Author SHA1 Message Date
alxwr ea221ab52b feat(ssh_known_hosts): allow to omit IP addresses 2020-01-20 18:44:46 +00:00
Imran Iqbal 267042c838 test(inspec): add tests based on existing Serverspec tests (#168)
* ci(kitchen): use `openssh.config` as `state_top`
* Semi-automated using https://github.com/myii/ssf-formula/pull/33
* test(pillar): remove deprecated option and disabled method
* https://travis-ci.org/myii/openssh-formula/jobs/585340845#L1811-L1813:
* test(pillar): use same SSH options as used by Travis
* Using existing options locks out after `kitchen converge` (before `verify`)
* https://travis-ci.org/myii/openssh-formula/jobs/585356835#L2957-L2965:
* test(inspec): add tests based on existing Serverspec tests
* Follows on from #166
2019-09-16 20:28:05 +02:00
Imran Iqbal 6300ddf76c
feat(semantic-release): implement for this formula
* Close #165
* Move existing `.kitchen.yml` => `kitchen.vagrant.yml`
* Semi-automated using https://github.com/myii/ssf-formula/pull/30
* Fix errors shown below:

```bash
openssh-formula$ yamllint -s .
./pillar.example
  49:3      error    duplication of key "AllowUsers" in mapping  (key-duplicates)
  57:3      error    duplication of key "DenyUsers" in mapping  (key-duplicates)
  63:3      error    duplication of key "AllowGroups" in mapping  (key-duplicates)
  70:3      error    duplication of key "DenyGroups" in mapping  (key-duplicates)
  79:24     warning  truthy value should be one of [false, true]  (truthy)
  80:29     warning  truthy value should be one of [false, true]  (truthy)
  118:4     warning  missing starting space in comment  (comments)
  119:4     warning  missing starting space in comment  (comments)
  119:89    error    line too long (122 > 88 characters)  (line-length)
  120:4     warning  missing starting space in comment  (comments)
  120:89    error    line too long (144 > 88 characters)  (line-length)
  147:30    warning  truthy value should be one of [false, true]  (truthy)
  148:21    warning  truthy value should be one of [false, true]  (truthy)
  149:19    warning  truthy value should be one of [false, true]  (truthy)
  150:32    warning  truthy value should be one of [false, true]  (truthy)
  151:26    warning  truthy value should be one of [false, true]  (truthy)
  152:31    warning  truthy value should be one of [false, true]  (truthy)
  153:32    warning  truthy value should be one of [false, true]  (truthy)
  154:29    warning  truthy value should be one of [false, true]  (truthy)
  155:34    warning  truthy value should be one of [false, true]  (truthy)
  175:8     warning  missing starting space in comment  (comments)
  175:89    error    line too long (152 > 88 characters)  (line-length)
  176:8     warning  missing starting space in comment  (comments)
  176:89    error    line too long (126 > 88 characters)  (line-length)
  177:8     warning  missing starting space in comment  (comments)
  177:89    error    line too long (148 > 88 characters)  (line-length)
  213:18    warning  truthy value should be one of [false, true]  (truthy)
  219:18    warning  truthy value should be one of [false, true]  (truthy)
  225:18    warning  truthy value should be one of [false, true]  (truthy)
  241:22    warning  truthy value should be one of [false, true]  (truthy)
  243:22    warning  truthy value should be one of [false, true]  (truthy)
  244:20    warning  truthy value should be one of [false, true]  (truthy)
  245:21    warning  truthy value should be one of [false, true]  (truthy)
  254:24    warning  truthy value should be one of [false, true]  (truthy)
  255:22    warning  truthy value should be one of [false, true]  (truthy)
  256:23    warning  truthy value should be one of [false, true]  (truthy)
  265:22    warning  truthy value should be one of [false, true]  (truthy)
  268:21    warning  truthy value should be one of [false, true]  (truthy)
  269:20    warning  truthy value should be one of [false, true]  (truthy)
  270:21    warning  truthy value should be one of [false, true]  (truthy)
  279:26    warning  truthy value should be one of [false, true]  (truthy)
  280:24    warning  truthy value should be one of [false, true]  (truthy)
  281:25    warning  truthy value should be one of [false, true]  (truthy)
  307:16    warning  truthy value should be one of [false, true]  (truthy)
  308:6     warning  missing starting space in comment  (comments)
  314:6     warning  missing starting space in comment  (comments)
  316:24    warning  truthy value should be one of [false, true]  (truthy)
  339:89    error    line too long (546 > 88 characters)  (line-length)
  340:89    error    line too long (546 > 88 characters)  (line-length)
  341:89    error    line too long (546 > 88 characters)  (line-length)
  342:89    error    line too long (546 > 88 characters)  (line-length)
  344:4     warning  missing starting space in comment  (comments)
  345:4     warning  missing starting space in comment  (comments)
  357:19    warning  truthy value should be one of [false, true]  (truthy)

./openssh/osfamilymap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/osfingermap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/osmap.yaml
  1:1       warning  missing document start "---"  (document-start)

./openssh/defaults.yaml
  1:1       warning  missing document start "---"  (document-start)
  3:18      warning  truthy value should be one of [false, true]  (truthy)
  6:34      warning  too few spaces before comment  (comments)
  10:25     warning  truthy value should be one of [false, true]  (truthy)
  12:32     warning  too few spaces before comment  (comments)
  16:24     warning  truthy value should be one of [false, true]  (truthy)
  18:24     warning  too few spaces before comment  (comments)
  20:42     warning  too few spaces before comment  (comments)
  27:6      warning  missing starting space in comment  (comments)
```
2019-09-13 04:20:34 +01:00
Imran Iqbal f6dbca3352
fix: complete PR #164
* Use consistent Jinja whitespace control `{%- ... -}`
* Improve debug output (comments & whitespace control)
* Use exact state names with TOFS `files_switch`
* Add `ssh_known_hosts_src` to `defaults` (for consistency)
* Restrict `pillar.example` changes to TOFS only
* Use `fire_banner` in `pillar.example` to indicate available template
2019-07-04 01:42:19 +01:00
nb a47596f15a feat(TOFS): ssh sshd configs known_host and banner 2019-07-01 14:46:46 +11:00
alxwr d9653889fa removed deprecated options (#150) 2019-02-12 21:25:41 +01:00
reschl ffafd2a2f5 Support package versions (#134)
added possibility to configure server version and client version
with pillar example
2018-09-03 16:42:39 +02:00
Philippe Grégoire 7cfc9f5a04 Hint at `Host` support for `ssh_config` (#133)
The `ssh_config` state supports generating `Host` sections, but it is
buried in the source. By default, options are simply dumped in the
configuration file; without any `Host` directive.

This patch hints (and, actually, encourages) users to use `Host`
sections by updating the pillar example to use the `Hosts` directive
with the `*` pattern.
2018-08-24 12:14:26 +02:00
alxwr aa3da8f2c2 Pillar openssh.known_hosts_salt_ssh (#128)
* Pillar openssh.known_hosts_salt_ssh

* Dropped ill-named file

* Fixed aliasing of host names

* Improved pillar.example

* Opt-in to include localhost

* pillar/known_hosts_salt_ssh: clear cache in run()

* Dropped forgotten debugging output
2018-06-01 14:11:52 +02:00
Florian Ermisch bf9b9a335c Add `openssh:known_hosts:static` to README and pillar.example 2018-04-26 17:12:29 +02:00
Mario Fritschen e665450ed4 Changed expr_form to tgt_type for deprecation reasons. (#122) 2017-12-23 00:11:24 +01:00
alxwr 5e3368afcb drop default values (fixes #102) (#117)
* drop default values (fixes #102)
* hmac-ripemd160 was dropped in 7.6
2017-10-23 20:18:11 +02:00
Niels Abspoel 9cdb9aaba0 improve allow_deny_users_groups 2017-08-21 23:35:04 +02:00
Alexander Weidinger e523ae5281 Optionally add hostnames to known_hosts 2017-08-08 07:51:38 +02:00
Alexander Weidinger a5f4a56956 UsePrivilegeSeparation 'sandbox'
This was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
2017-08-01 00:02:03 +02:00
Andres Montalban 500c915c33 Allow to config banner in pillar 2017-07-27 19:55:34 -03:00
Alexander Weidinger d37de77ba2 Copied docs from commit to pillar.example 2017-07-04 22:05:56 +02:00
alxwr 844e96b57b Merge pull request #88 from alxwr/force_key_length
Opt-in to enforce RSA key length
2017-03-07 20:24:34 +01:00
Alexander Weidinger 6b23b28f52 Opt-in to enforce RSA key length 2017-03-04 14:21:58 +01:00
Alexander Weidinger 674216d0ad openssh.auth_map 2017-03-04 14:21:53 +01:00
ek9 f192b91192 add more verbose warnings regarding ssh_config in pillar.example 2017-02-24 20:17:36 +01:00
ek9 ec796662bc pillar.example: update with secure defaults for sshd_config and ssh_config 2017-02-19 14:44:56 +01:00
ek9 d6e48f2b43 rebase based on latest update 2017-02-07 19:45:59 +01:00
Pandu E Poluan 18e1866ac5 Update pillar.example
`pillar.example` now contains information on how to use the
'string-or-list' feature for some options.

Also an explanation on the new `ConfigBanner` option.
2017-01-24 01:43:04 +07:00
ek9 33344743b0 Add ability to control SSH server status (default: on) 2015-12-27 18:17:01 +01:00
Forrest ec663a6f5e Merge pull request #51 from mathieupotier/master
Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
2016-10-31 09:32:50 -07:00
Johannes Löthberg a74d859992 Add AuthorizedKeysCommand to pillar.example
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-10-02 10:37:11 +02:00
Mathieu POTIER 4c814843f8 Merge remote-tracking branch 'refs/remotes/saltstack-formulas/master' 2016-08-02 09:46:08 +02:00
Pandu E Poluan 11ba2acea7 Give information on using moduli_source
Give additional comments to inform that moduli can also be provided via a file, using the moduli_source key.
2016-08-02 00:03:14 +07:00
Niels Abspoel 641851632f add more authentication options 2016-05-26 21:57:02 +02:00
Matthieu DERASSE 3542a1f534 Implement Session idle time out 2016-05-25 00:06:45 +02:00
POTIER Mathieu dda1fb5128 Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)
Signed-off-by: POTIER Mathieu <mathieu.potier@onzeway.eu>
2015-11-17 11:09:37 +01:00
Bogdan Radulescu 13cf374efe Added configuration options for ssh_config
Made a small change to reflect the default sshd_config
2015-10-01 15:21:16 +00:00
elfixit 18ba94d0fc add options to give a key size to generate_key 2015-07-12 18:09:26 +02:00
Ingo Bente a927107b28 Adds support to customize /etc/ssh/moduli file 2015-07-02 19:09:41 +02:00
Ingo Bente 83bb5ac5a0 adds support to harden sshd_config (KeyExchange, Ciphers, MACs) 2015-06-30 14:33:57 +02:00
Niels Abspoel 2a68ccac1a Add option to remove ssh_host_keys 2015-06-07 20:37:33 +02:00
Niels Abspoel 3c828d9e08 Fix mine_function example in pillar.example
This fixes #34, salt version 2015.5.x needs an extra argument
for shell routines.
2015-05-28 23:00:27 +02:00
朱金贺 5f65e92ebd added the missing ":" and deleted the redundant lines 2015-05-28 13:36:11 +08:00
Raphaël Hertzog 1b74efd2d0 Add a new openssh.known_hosts state
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
2015-03-26 17:50:32 +01:00
Bernd Schlapsi 128d4acfa2 Update pillar.example with two valid ssh-keys 2015-01-28 23:00:47 +01:00
Niels Abspoel 6e65cdad03 add DenyUsers and DenyGroups example 2015-01-17 20:04:03 +01:00
Niels Abspoel 33ee945557 Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
2015-01-16 22:56:59 +01:00
Bohdan Kmit b843d8168b add ed25519 host key type; add AuthenticationMethods option 2015-01-16 17:21:10 +00:00
Franz Pletz 5d0f69ad2c Cleanups for host key pillar example 2014-12-15 07:00:45 +01:00
Franz Pletz 33f21a0976 Add support for ED25519 host keys 2014-12-15 07:00:17 +01:00
Robert Fairburn 51277cc2f9 add pillar example 2014-09-19 11:42:17 -05:00
Nitin Madhok df61e44fea Merge pull request #17 from alanpearce/generate-keys
Config: Add support for generating keys
2014-08-24 10:46:53 -05:00
Alan Pearce eb9dec1b9d Update pillar example 2014-08-24 16:44:45 +01:00
Alan Pearce 25aa1a6733 Update pillar.example 2014-08-24 12:18:37 +01:00