From 57c82f33241faccf9277064b4647a7aa500b0192 Mon Sep 17 00:00:00 2001 From: Sander Klein Date: Fri, 15 May 2015 21:47:40 +0200 Subject: [PATCH 1/2] Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users. --- pillar.example | 11 +++++++++++ users/init.sls | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/pillar.example b/pillar.example index 1dc0c6c..4526573 100644 --- a/pillar.example +++ b/pillar.example @@ -44,6 +44,17 @@ users: # than inline in pillar, this works. ssh_auth_sources: - salt://keys/buser.id_rsa.pub + # Manage the ~/.ssh/config file + ssh_config: + all: + hostname: "*" + options: + - "StrictHostKeyChecking no" + - "UserKnownHostsFile=/dev/null" + importanthost: + hostname: "needcheck.example.com" + options: + - "StrictHostKeyChecking yes" google_auth: ssh: | diff --git a/users/init.sls b/users/init.sls index 9326b26..2b740b5 100644 --- a/users/init.sls +++ b/users/init.sls @@ -208,6 +208,24 @@ users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}: {% endfor %} {% endif %} +{% if 'ssh_config' in user %} +users_ssh_config_{{ name }}: + file.managed: + - name: {{ home }}/.ssh/config + - user: {{ name }} + - group: {{ user_group }} + - mode: 640 + - contents: | + # Managed by Saltstack + {% for label, setting in user.ssh_config.items() %} + # {{ label }} + Host {{ setting.get('hostname') }} + {%- for opts in setting.get('options') %} + {{ opts }} + {%- endfor %} + {% endfor -%} +{% endif %} + {% if 'sudouser' in user and user['sudouser'] %} users_sudoer-{{ name }}: From 3a8d72b947c05d6ac5791e6b7d33d0355118c070 Mon Sep 17 00:00:00 2001 From: Sander Klein Date: Sat, 16 May 2015 09:56:20 +0200 Subject: [PATCH 2/2] Add "Do Not Edit" part --- users/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/users/init.sls b/users/init.sls index 2b740b5..30bbda8 100644 --- a/users/init.sls +++ b/users/init.sls @@ -217,6 +217,7 @@ users_ssh_config_{{ name }}: - mode: 640 - contents: | # Managed by Saltstack + # Do Not Edit {% for label, setting in user.ssh_config.items() %} # {{ label }} Host {{ setting.get('hostname') }}