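{%- from slspath ~ '/../map.jinja' import listeners -%}
{#-
  Disabled alternative import of the same macro, kept for reference.
  NOTE(review): the path below sits under /tmp, which is normally
  world-writable. It looks like a scratch checkout; confirm it is never
  re-enabled on a production master.
{%- from '/tmp/salt-libertacasa/pillar/global/macros.jinja' import listeners with context -%}
#}
{%- set host = grains['host'] -%}

# Pillar data for the OpenSSH daemon (sshd_config) and for the firewalld zone
# that exposes SSH. The host grain of the minion selects the per-host key and
# certificate file names below.
sshd_config:
  # Presumably emitted as the header of the rendered sshd_config - confirm
  # against the consuming state.
  ConfigBanner: |
    ### This file is managed via https://git.com.de/LibertaCasa/salt
    ### Manual changes will be overwritten
  # Rendered by the listeners macro from map.jinja (not shown here). The
  # indent filter leaves the first line alone and indents the rest by four
  # spaces, so multi-line macro output nests under this key - verify the
  # rendered pillar.
  ListenAddress: {{ listeners() | indent }}
  # NOTE(review): current OpenSSH speaks only protocol 2 and treats this
  # keyword as deprecated. It is harmless, and can be dropped once no legacy
  # sshd consumes this pillar.
  Protocol: 2
  SyslogFacility: AUTH
  # NOTE(review): FATAL suppresses the usual records of accepted and failed
  # authentications, including which certificate was used. If this is a
  # deliberate data-minimisation choice, document it; otherwise INFO or
  # VERBOSE keeps the audit trail needed for detection and incident response.
  LogLevel: FATAL
  HostKey:
    - /etc/ssh/{{ host }}
  # Only the Ed25519 host certificate is offered, so clients have to trust
  # the host CA; a plain host-key fallback is not available.
  HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com
  HostCertificate: /etc/ssh/{{ host }}-cert.pub
  # Any certificate signed by this CA is accepted for login (subject to its
  # principals), so the CA private key is the real credential to protect.
  TrustedUserCAKeys: /etc/ssh/user_ca
  # NOTE(review): with UsePAM enabled further down, PAM-backed
  # keyboard-interactive logins are governed by KbdInteractiveAuthentication
  # (ChallengeResponseAuthentication on older releases), which this pillar
  # does not set. Confirm it is disabled elsewhere if certificates are meant
  # to be the only login method.
  PasswordAuthentication: 'no'
  LoginGraceTime: 1m
  PermitRootLogin: 'no'
  StrictModes: 'yes'
  # A single attempt per connection: a client that offers a non-matching key
  # first is disconnected, so clients should pin the identity they present.
  MaxAuthTries: 1
  MaxSessions: 3
  UsePAM: 'yes'
  X11Forwarding: 'no'
  PrintMotd: 'yes'
  PrintLastLog: 'yes'
  Subsystem: sftp /usr/lib/ssh/sftp-server
  # Path of the pre-authentication banner file; its content is managed
  # outside this pillar.
  Banner: /etc/ssh/banner

# As far as this file shows, the ssh service is opened in the internal
# zone only.
firewalld:
  zones:
    internal:
      services:
        - ssh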