Georg Pfuetzenreuter
7b808efdb5
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
33 lines
902 B
Plaintext
33 lines
902 B
Plaintext
{%- from slspath ~ '/../global/macros.jinja' import listeners -%}
|
|
{#-
|
|
{%- from '/tmp/salt-libertacasa/pillar/global/macros.jinja' import listeners with context -%}
|
|
#}
|
|
{%- set host = grains['host'] -%}
|
|
|
|
sshd_config:
|
|
ConfigBanner: |
|
|
### This file is managed via https://git.com.de/LibertaCasa/salt
|
|
### Manual changes will be overwritten
|
|
ListenAddress: {{ listeners() | indent }}
|
|
Protocol: 2
|
|
SyslogFacility: AUTH
|
|
LogLevel: FATAL
|
|
HostKey:
|
|
- /etc/ssh/{{ host }}
|
|
HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com
|
|
HostCertificate: /etc/ssh/{{ host }}-cert.pub
|
|
TrustedUserCAKeys: /etc/ssh/user_ca
|
|
PasswordAuthentication: 'no'
|
|
LoginGraceTime: 1m
|
|
PermitRootLogin: 'no'
|
|
StrictModes: 'yes'
|
|
MaxAuthTries: 1
|
|
MaxSessions: 3
|
|
UsePAM: 'yes'
|
|
X11Forwarding: 'no'
|
|
PrintMotd: 'yes'
|
|
PrintLastLog: 'yes'
|
|
Subsystem: sftp /usr/lib/ssh/sftp-server
|
|
Banner: /etc/ssh/banner
|
|
|