From 18ba94d0fc69749fa1f03d9145d25d1856d56f46 Mon Sep 17 00:00:00 2001
From: elfixit
Date: Sun, 12 Jul 2015 18:09:26 +0200
Subject: [PATCH] add options to give a key size to generate_key
---
 openssh/config.sls | 5 +++++
 pillar.example | 1 +
 2 files changed, 6 insertions(+)
diff --git a/openssh/config.sls b/openssh/config.sls
index e336fac..dc87341 100644
--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -17,7 +17,12 @@ sshd_config:
 {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
 ssh_generate_host_{{ keyType }}_key:
 cmd.run:
+ {%- if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
+ {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', 4096) %}
+ - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
+ {%- else %}
 - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
+ {%- endif %}
 - creates: /etc/ssh/ssh_host_{{ keyType }}_key
 - user: root
diff --git a/pillar.example b/pillar.example
index e7d1575..80af4a6 100644
--- a/pillar.example
+++ b/pillar.example
@@ -91,6 +91,7 @@ openssh:
 ecdsa-sha2-nistp256 NOT_DEFINED
 generate_rsa_keys: False
+ generate_rsa_size: 4096
 absent_rsa_keys: False
 provide_rsa_keys: False
 rsa:
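Review bot: The pillar value is rendered unvalidated into the root-run `cmd.run` command in the added `- name: ssh-keygen -t {{ keyType }} -b {{ keySize }} ...` line, so a non-numeric or undersized `generate_<type>_size` becomes part of the shell command or yields a weak host key. Coercing it with `-b {{ keySize | int }}` and refusing values below the minimum your policy accepts would close that gap. The `4096` default in the `{%- set keySize ... %}` line is never used, because the enclosing `if` already requires the key to be set and truthy; one `pillar.get` assigned before the `if` would avoid the double lookup. `keyType` is set outside the hunk, and `-b` is type-specific in ssh-keygen (fixed curve sizes for ECDSA, ignored for Ed25519), so a comment naming the types that honour the size would help. The existing `- creates:` guard also means a later change to the size does not regenerate an existing host key, which is worth stating next to the option.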